#2707 Option to display zero-width characters with placeholders

[Sworddragon]

It is possible to enter into KeePass and pretty much any other application characters that have a zero width which are then invisible to the user. But since it is very difficult for the user to avoid this eventually happen in the future (unless one audits their complete personal data and gives up any form of copy/paste, etc.) and the undefined (potential malicious) behavior of such characters it might be not a bad idea trying to counter this.

I think an easy solution would be if the user can enable an option that causes all characters that would be displayed with a zero width to be displayed with a placeholder (e.g. a square) instead.

[Paul]

What characters are zero width?
How are you getting them to enter into KeePass?
If you have them in KeePass you would not be able to enter them by hand so what does it matter if you can't see them?

cheers, Paul

[Sworddragon]

What characters are zero width?

Zero width characters are invisible characters that also have no width and thus are usually difficult to detect in text (for example in Unicode there are hundreds of such characters).

How are you getting them to enter into KeePass?

For example you can get them into KeePass by copying data if the source somehow contains unexpectedly such a character. Unless one is aware of this issue probably nobody can tell if they ever copied such a character by accident in the past into their KeePass database.

If you have them in KeePass you would not be able to enter them by hand so what does it matter if you can't see them?

The behavior is undefined as it depends on the context. For example if you open an URL with such characters this can lead to immediately identifying you. Similar malicious behavior might be as well possible in other fields.