Great code page parser bug by @orange_8361 BestFit suffers from similar issue of NFKC/NFKD where the original character is converted to look a like. This can be misused to inject special characters that should be otherwise escaped. https://worst.fit.

There are so many other issues in Unicode. If you want to learn and practice these type of vulns, I've a free short course at https://learn.secdim.com/course/paypal-homograph/topic/introduction-visual-spoofing #unicode #worstfit #unicodesecurity