compareCount++;
A pair like Cyrillic ԁ (U+0501) and Latin d scores 0.781 mean SSIM across 18 fonts. That sounds moderate. But it is pixel-identical (SSIM 1.000) in eight of those fonts: Arial, Menlo, Cochin, Tahoma, Charter, Georgia, Baskerville, and Verdana. An attacker needs only one font to succeed. The exploitable risk is the max, not the mean.
,这一点在搜狗输入法2026中也有详细论述
Same-font vs cross-font: font pairing matters
面对许多仍然需要跨越的“雪山”“草地”、需要征服的“娄山关”“腊子口”,习近平总书记的殷殷告诫振聋发聩——