Re: Filtering and displaying untrusted UTF-8

From: Doug Ewell (doug@ewellic.org)
Date: Thu Dec 31 2009 - 19:25:06 CST

• Previous message: Christopher Miller: "Re: Vertical line(s) below"
• In reply to: Jason Schauberger: "Re: Filtering and displaying untrusted UTF-8"
• Next in thread: Petr Tomasek: "Re: Filtering and displaying untrusted UTF-8"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Petr Tomasek <tomasek at etf dot cuni dot cz> wrote:

>> * 0xE000 - 0xF900 (private use; since everyone can make up a
>> different character for a code point in private use, filter them all)
>
> This is very bad idea since it efectively blocks people using other
> chars that those defined in the unicode standard. (BTW, microsoft
> and others have their own PUA assignements...)

Perhaps it would help to know exactly what security hole this is
supposed to close. I don't get it either; if I want to define U+E000 as
a Tengwar letter, someone else wants to define it as a Latin ligature,
and someone else wants it to be a Masonic cipher symbol, how does
receiving U+E000 across this connection affect security?

--
Doug Ewell  |  Thornton, Colorado, USA  |  http://www.ewellic.org
RFC 5645, 4645, UTN #14  |  ietf-languages @ http://is.gd/2kf0s ­

• Previous message: Christopher Miller: "Re: Vertical line(s) below"
• In reply to: Jason Schauberger: "Re: Filtering and displaying untrusted UTF-8"
• Next in thread: Petr Tomasek: "Re: Filtering and displaying untrusted UTF-8"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Thu Dec 31 2009 - 19:26:56 CST