Re: Win IE 7b2 and UTF-8

From: Doug Ewell (dewell@adelphia.net)
Date: Mon May 15 2006 - 09:55:33 CDT

Next message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"

Previous message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
In reply to: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Next in thread: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Reply: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Philippe Verdy <verdy underscore p at wanadoo dot fr> wrote:

> This suggestion won't work. The security problem is in the browser,
> not in the data itself which was created on purpose to break the UTF-8
> rules.
>
> Those attempting to use this problem will generate broken UTF-8 (for
> example and notably to bypass email filtering against spam, based on
> keyword detections)
>
> If the filter is designed to detect specific words, and validates its
> input before treating it, it will not detect the forbidden characters
> or keywords, and the content will pass OK through these filters.
>
> Then the content will be rendered using UTF-8 despite it should have
> been blocked by input filters.

Thus the statement I made earlier is proven true: people will find a way
to criticize Microsoft regardless of what they do.

Shawn Steele already said the IE team is investigating this situation.

--
Doug Ewell
Fullerton, California, USA
http://users.adelphia.net/~dewell/

Next message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Previous message: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
In reply to: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Next in thread: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Reply: Philippe Verdy: "Re: Win IE 7b2 and UTF-8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Mon May 15 2006 - 10:02:15 CDT