detecting ill-formed UTF-8 (was RE: [question] UTF-8 issue)

From: Chris Weber (chris@casabasecurity.com)
Date: Sat Oct 10 2009 - 14:29:37 CDT

Next message: Satoshi Nakagawa: "Japanese text handling problem in Unicode Collation Algorithm"

Previous message: Markus Scherer: "Re: [question] UTF-8 issue"
In reply to: Markus Scherer: "Re: [question] UTF-8 issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

We have a runtime Web-application security testing and auditing tool called
Watcher, available at http://websecuritytool.codeplex.com/. It includes a
check that detects ill-formed UTF-8 in HTTP/S-based Web-applications. It
seems to be a rare occurrence in my experience, but when a Web-app does emit
ill-formed UTF-8 it's usually from an interesting bug/root cause.

After reading some of the responses here, I need to revisit this check and
make sure it's detecting the surrogates. It's open source so if anyone
happens to take a look and notice an error please let me know!

- Chris Weber

Web: http://www.casabasecurity.com

Blog: http://www.lookout.net

Next message: Satoshi Nakagawa: "Japanese text handling problem in Unicode Collation Algorithm"
Previous message: Markus Scherer: "Re: [question] UTF-8 issue"
In reply to: Markus Scherer: "Re: [question] UTF-8 issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Sat Oct 10 2009 - 14:34:41 CDT