Unicode bidirectional control characters warning in the web interface

Applies to: VisualSVN Server 5.0 and later

To help mitigate a potential security issue, the web interface of VisualSVN Server displays the following warning when a file's content includes bidirectional (BiDi) control Unicode characters:

This file may be interpreted or compiled differently than represented because it contains bidirectional Unicode text.

Vulnerability description

Content of files with BiDi control characters may be interpreted differently than represented. These characters can change the behavior of source code without any visible representation. Such behavior can be considered as a potential security issue because it can be maliciously used to change code's logic by reordering source code characters. The security issue was assigned the CVE identifier CVE-2021-42574 and is also known as Trojan Source.


If you see this warning, it is recommended to review the contents of the file in an editor that highlights BiDi control characters, for example:

  • Visual Studio 2022 or later
  • Visual Studio Code

You can ignore the warning if the usage of the control characters in the file is intentional.

Last Modified: