From: John W Kennedy (jwkenne@attglobal.net)
Date: Thu Dec 24 2009 - 11:30:24 CST
On Dec 24, 2009, at 1:37 AM, Doug Ewell wrote:
> André Szabolcs Szelp wrote:
>
>>> Well, here at Opera we had to disable support for two encodings (UTF-7 and UTF-32) to become HTML5 conformant, if that isn't a waste of developer time, I don't know what is :-)
>>
>> UTF-32 is stateful/poses a security risk?
>
> Only if someone thinks the existence of BE and LE variants poses a security risk or constitutes statefulness in some way.
>
> Some people think "stateful" extends to multi-byte encodings, because you have to keep track of where you within the sequence (lead code unit, first trailing code unit, etc.). By that measure, UTF-32 is actually less stateful than -8 or -16.
But none of them are dangerously stateful, since any given string of bytes (once endianness is established) can always be determined to be invalid or else to have one and only one valid interpretation.
Except, of course, that you have to know what the code is.
-- John W Kennedy "I want everybody to be smart. As smart as they can be. A world of ignorant people is too dangerous to live in." -- Garson Kanin. "Born Yesterday"
This archive was generated by hypermail 2.1.5 : Thu Dec 24 2009 - 11:33:16 CST