author: Daniel Smith <daniel.smith@qt.io> 2025-10-27 08:50:01 +0100
committer: Daniel Smith <daniel.smith@qt.io> 2025-10-28 10:37:52 +0000
commit: e2bf9392470a0efa6ca4e8c1799eaaef9fe03d5f
tree: c4561c391e6ae555eefcf35d57747bff0189937f /bin
parent: ff94fcf7077b349cbc0dbad1c37c83b78cbf3495
Check for invisible Unicode characters that can hide malicious code

To protect against potential security risks associated with invisible Unicode characters, this patch adds an additional check to both commit messages and files.

This blocks the most dangerous invisible characters while allowing:
- U+200C (ZWNJ) and U+200D (ZWJ): Essential for emoji and complex scripts
- U+FE00-FE0F (variation selectors): Used with emoji
- U+FEFF (BOM): Only at file start (position 0)

Always blocked:
- U+200B (zero-width space): Primary stealth attack vector
- U+2060-2069 (invisible operators/separators): Stealth attack vectors
- U+E0100-E01EF (variation selectors supplement): Rarely legitimate

See: https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace

Task-number: QTQAINFRA-7514
Change-Id: Ibcff19797d8217fe8d81141ed60f430783358357
Reviewed-by: Daniel Smith <daniel.smith@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Diffstat (limited to 'bin')
0 files changed, 0 insertions, 0 deletions
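
The allow/block rules listed in the commit message, sketched as a Python scanner that reports the line and column of each rejected character. This is an added example, not the code from the Qt patch (whose diff is not shown on this page); the function names, the UTF-8 decoding and the sample strings are assumptions made for illustration.

```python
# Added example: the allow/block policy from the commit message as a scanner.
# Not the Qt hook itself; names and sample data below are constructed.
# Inclusive code point ranges the commit message lists as always blocked.
BLOCKED_RANGES = (
    (0x200B, 0x200B, "zero-width space"),
    (0x2060, 0x2069, "invisible operator/separator"),
    (0xE0100, 0xE01EF, "variation selector supplement"),
)
BOM = 0xFEFF  # allowed only as the very first character


def classify(cp, offset):
    """Return a reason string if the code point is rejected, else None."""
    if cp == BOM:
        return "BOM not at position 0" if offset != 0 else None
    for lo, hi, reason in BLOCKED_RANGES:
        if lo <= cp <= hi:
            return reason
    # U+200C, U+200D and U+FE00-FE0F fall through here and are allowed,
    # as is every character the commit message does not mention.
    return None


def find_invisible(text):
    """Return [(line, column, 'U+XXXX', reason)] with 1-based positions."""
    findings = []
    line, col = 1, 1
    for offset, ch in enumerate(text):
        reason = classify(ord(ch), offset)
        if reason:
            findings.append((line, col, f"U+{ord(ch):04X}", reason))
        if ch == "\n":
            line, col = line + 1, 1
        else:
            col += 1
    return findings


def scan_bytes(data):
    """Scan file content; assumes UTF-8, undecodable bytes become U+FFFD."""
    return find_invisible(data.decode("utf-8", errors="replace"))


if __name__ == "__main__":
    # Constructed sample: leading BOM (ok), ZWJ emoji (ok), hidden U+200B (bad).
    sample = "\ufeffx = 1\nname = 'ad\u200bmin'  # \U0001F468\u200d\U0001F469\n"
    for hit in find_invisible(sample):
        print("%d:%d %s %s" % hit)
```

Reporting the code point and position matters here because the offending character cannot be seen in an editor or in review output.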