From b34716f7e9f40ce2b26e2750af20dfafcd91ea8e Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 26 Jul 2018 14:50:55 +0100
Subject: [PATCH] take into account homoglyphs when calculating similar display names to prevent homoglyph attacks

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 package.json | 3 ++-
 src/utils.js | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 2796f502d..63809fa60 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,8 @@
 "bluebird": "^3.5.0",
 "browser-request": "^0.3.3",
 "content-type": "^1.0.2",
- "request": "^2.53.0"
+ "request": "^2.53.0",
+ "unhomoglyph": "^1.0.2"
 },
 "devDependencies": {
 "babel-cli": "^6.18.0",
diff --git a/src/utils.js b/src/utils.js
index 1587c64a3..0f05d6eb3 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -19,6 +19,8 @@ limitations under the License.
 * @module utils
 */
+const unhomoglyph = require('unhomoglyph');
+
 /**
 * Encode a dictionary of query parameters.
 * @param {Object} params A dict of key/values to encode e.g.
@@ -665,10 +667,11 @@ module.exports.isNumber = function(value) {
 /**
 * Removes zero width chars, diacritics and whitespace from the string
+ * Also applies an unhomoglyph on the string, to prevent similar looking chars
 * @param {string} str the string to remove hidden characters from
 * @return {string} a string with the hidden characters removed
 */
 module.exports.removeHiddenChars = function(str) {
- return str.normalize('NFD').replace(removeHiddenCharsRegex, '');
+ return unhomoglyph(str.normalize('NFD').replace(removeHiddenCharsRegex, ''));
 };
 const removeHiddenCharsRegex = /[\u200B-\u200D\u0300-\u036f\uFEFF\s]/g;
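Review bot: In package.json, `unhomoglyph` is added with a caret range (`^1.0.2`), so the look-alike character table that now feeds `removeHiddenChars` can change with whichever compatible release gets installed. Because the commit uses that output to decide whether display names are similar, clients built against different table versions could disagree about which names collide. Pinning the exact version, `"unhomoglyph": "1.0.2"`, or relying on a committed lockfile if the project has one, would make a table update a reviewed change.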
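Review bot: In `removeHiddenChars` (src/utils.js), the strip of zero-width characters, diacritics and whitespace runs before `unhomoglyph`, so whatever the mapping emits is returned unfiltered. If the table maps any glyph to a base letter plus a combining mark or a space (not verified for this package), the result would again contain characters that `removeHiddenCharsRegex` is meant to remove; re-applying the step to the mapped string would close that: `return unhomoglyph(str.normalize('NFD').replace(removeHiddenCharsRegex, '')).normalize('NFD').replace(removeHiddenCharsRegex, '');`. The `@return` line still describes only the removal of hidden characters; it should say the value is a comparison key and not suitable for display, e.g. `@return {string} a normalised key for comparing names, not for display`. The commit touches no test file, so a case asserting that a name and a look-alike spelling of it produce the same result would pin the new behaviour.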