Re: The "prohibited" encodings...

From: Andrew Lipscomb (ewwa@chattanooga.net)
Date: Wed Dec 30 2009 - 15:20:59 CST


    > On 12/29/2009 2:03 PM, Phillips, Addison wrote:
    >> No, that's not it.
    >>
    >> UTF-7, BOCU, and SCSU are banned either because they auto-detect
    >> as something other than themselves or because an otherwise
    >> "innocuous" byte sequence detects as being one of them, thus
    >> serving as the basis for an XSS attack. UTF-32 is banned
    >> apparently because naïve implementations might detect it as
    >> UTF-16.

    Except that UTF-32 *isn't* on the banned list that started this
    thread--discouraged, though, as I understand it. The fourth one
    was CESU-8 (which, granted, has only one character that can be
    encoded two ways, the NULL).
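
An added illustration, not part of the original message or thread: a Python sketch of a charset gate built from the encodings named above, plus a check showing how the same ASCII bytes gain markup characters once they are decoded as UTF-7. The label spellings, function names and the sample bytes are assumptions constructed for this example.

```python
import codecs

# Encodings the thread names as banned, plus the one it calls discouraged.
# The exact label spellings below are assumptions for this sketch.
PROHIBITED = {"utf-7", "bocu", "bocu-1", "scsu", "cesu-8"}
DISCOURAGED = {"utf-32", "utf-32-be", "utf-32-le"}


def classify_charset(label: str) -> str:
    """Return 'prohibited', 'discouraged', 'allowed' or 'unknown'."""
    name = label.strip().lower().replace("_", "-")
    try:
        # Fold aliases such as 'UTF7' to Python's canonical codec name.
        canonical = codecs.lookup(name).name
    except LookupError:
        canonical = None  # Python ships no BOCU-1, SCSU or CESU-8 codec
    if name in PROHIBITED or canonical in PROHIBITED:
        return "prohibited"
    if name in DISCOURAGED or canonical in DISCOURAGED:
        return "discouraged"
    return "allowed" if canonical else "unknown"


def has_markup(raw: bytes, charset: str) -> bool:
    """True if '<' or '>' appears after decoding raw with charset."""
    text = raw.decode(charset, errors="replace")
    return "<" in text or ">" in text


def decode_untrusted(raw: bytes, declared: str) -> str:
    """Decode only when the declared charset is neither banned nor unknown."""
    verdict = classify_charset(declared)
    if verdict in ("prohibited", "unknown"):
        raise ValueError(f"refusing charset {declared!r}: {verdict}")
    return raw.decode(declared, errors="replace")


# Constructed sample: pure ASCII bytes with no angle brackets in them.
SAMPLE = b"+ADw-b+AD4-bold"

if __name__ == "__main__":
    for label in ("UTF-8", "UTF7", "SCSU", "CESU-8", "utf-32"):
        print(label, "->", classify_charset(label))
    print("markup as UTF-8:", has_markup(SAMPLE, "utf-8"))
    print("markup as UTF-7:", has_markup(SAMPLE, "utf-7"))
```

A filter that inspects the bytes under one charset while the consumer decodes them under another sees different text, which is why the gate runs before any decoding or filtering.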



    This archive was generated by hypermail 2.1.5 : Wed Dec 30 2009 - 15:26:10 CST