From: Andrew Lipscomb (email@example.com)
Date: Wed Dec 30 2009 - 15:20:59 CST
> On 12/29/2009 2:03 PM, Phillips, Addison wrote:
>> No, that's not it.
>> UTF-7, BOCU, and SCSU are banned either because they auto-detect
>> as something other than themselves or because an otherwise
>> "innocuous" byte sequence detects as being one of them, thus
>> serving as the basis for an XSS attack. UTF-32 is banned
>> apparently because naïve implementations might detect it as
Except that UTF-32 *isn't* on the banned list that started this
thread--discouraged, though, as I understand it. The fourth one
was CESU-8 (which, granted, has only one character that can be
encoded two ways, the NULL).
This archive was generated by hypermail 2.1.5 : Wed Dec 30 2009 - 15:26:10 CST