Re: Win IE 7b2 and UTF-8

From: Doug Ewell (dewell@adelphia.net)
Date: Mon May 15 2006 - 09:55:33 CDT

  • Next message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"

    Philippe Verdy <verdy underscore p at wanadoo dot fr> wrote:

    > This suggestion won't work. The security problem is in the browser,
    > not in the data itself which was created on purpose to break the UTF-8
    > rules.
    >
    > Those attempting to use this problem will generate broken UTF-8 (for
    > example and notably to bypass email filtering against spam, based on
    > keyword detections)
    >
    > If the filter is designed to detect specific words, and validates its
    > input before treating it, it will not detect the forbidden characters
    > or keywords, and the content will pass OK through these filters.
    >
    > Then the content will be rendered using UTF-8 despite it should have
    > been blocked by input filters.

    Thus the statement I made earlier is proven true: people will find a way
    to criticize Microsoft regardless of what they do.

    Shawn Steele already said the IE team is investigating this situation.

    --
    Doug Ewell
    Fullerton, California, USA
    http://users.adelphia.net/~dewell/
    


    This archive was generated by hypermail 2.1.5 : Mon May 15 2006 - 10:02:15 CDT