RE: The "prohibited" encodings...

From: Phillips, Addison (
Date: Tue Dec 29 2009 - 16:03:21 CST


    No, that's not it.

    UTF-7, BOCU, and SCSU are banned either because they auto-detect as something other than themselves or because an otherwise "innocuous" byte sequence detects as being one of them, thus serving as the basis for an XSS attack. UTF-32 is banned apparently because naïve implementations might detect it as UTF-16.

    None of these encodings encode the same (full) sequence of code points in more than one way, unless you mean that some of them encode identical subsequences of a larger document using different byte values? But that's not the same thing.


    Addison Phillips
    Globalization Architect -- Lab126

    Internationalization is not a feature.
    It is an architecture.

    > -----Original Message-----
    > From: []
    > On Behalf Of Andrew Lipscomb
    > Sent: Tuesday, December 29, 2009 1:01 PM
    > To:
    > Subject: The "prohibited" encodings...
    > I think I just realized what they have in common--each one has the
    > ability to represent binary-identical strings in *more than one*
    > way.
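
The two detection problems named in the reply, as an added example that is not part of the original message. The sample strings, the function names and the BOM-ordering model of a "naïve" UTF-16 detector are assumptions made for illustration, and the label set covers only the primary IANA names, not aliases.

```python
import codecs
import html

# Encodings the message lists as banned, by IANA label (simplified: aliases not covered).
PROHIBITED = {"utf-7", "bocu-1", "scsu", "utf-32", "utf-32le", "utf-32be"}

def is_allowed_charset(label: str) -> bool:
    """Refuse a declared charset label that names a banned encoding."""
    return label.strip().lower() not in PROHIBITED

# Constructed sample: pure ASCII, contains none of the characters HTML escaping touches.
SAMPLE = "+ADw-b+AD4-"

def unchanged_by_html_escape(text: str) -> bool:
    return html.escape(text) == text

def reads_as_markup_under_utf7(text: str) -> bool:
    """True if ASCII text with no '<' gains one when its bytes are decoded as UTF-7."""
    return "<" not in text and "<" in text.encode("ascii").decode("utf-7")

BOMS = [
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
]

def sniff_naive(data: bytes):
    """Checks the 2-byte UTF-16 BOMs first, so FF FE 00 00 matches as UTF-16LE."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name
    return None

def sniff_longest_first(data: bytes):
    """Same table, longest BOM first, so UTF-32 is recognised and can be refused."""
    for bom, name in sorted(BOMS, key=lambda b: len(b[0]), reverse=True):
        if data.startswith(bom):
            return name
    return None

# Constructed sample: UTF-32LE BOM followed by "hi".
UTF32_SAMPLE = codecs.BOM_UTF32_LE + "hi".encode("utf-32-le")

if __name__ == "__main__":
    print(is_allowed_charset("UTF-7"), unchanged_by_html_escape(SAMPLE),
          reads_as_markup_under_utf7(SAMPLE))
    print(sniff_naive(UTF32_SAMPLE), sniff_longest_first(UTF32_SAMPLE))
```

Output escaping alone does not help when the consumer picks the encoding, which is why the check belongs on the declared or detected charset before any decoding happens.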

    This archive was generated by hypermail 2.1.5 : Tue Dec 29 2009 - 16:06:30 CST