Re: Win IE 7b2 and UTF-8

From: Doug Ewell (
Date: Mon May 15 2006 - 09:55:33 CDT

  • Next message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"

    Philippe Verdy <verdy underscore p at wanadoo dot fr> wrote:

    > This suggestion won't work. The security problem is in the browser,
    > not in the data itself which was created on purpose to break the UTF-8
    > rules.
    > Those attempting to use this problem will generate broken UTF-8 (for
    > example and notably to bypass email filtering against spam, based on
    > keyword detections)
    > If the filter is designed to detect specific words, and validates its
    > input before treating it, it will not detect the forbidden characters
    > or keywords, and the content will pass OK through these filters.
    > Then the content will be rendered using UTF-8 despite it should have
    > been blocked by input filters.

    Thus the statement I made earlier is proven true: people will find a way
    to criticize Microsoft regardless of what they do.

    Shawn Steele already said the IE team is investigating this situation.

    Doug Ewell
    Fullerton, California, USA

    This archive was generated by hypermail 2.1.5 : Mon May 15 2006 - 10:02:15 CDT