Re: Security concerns: OGHAM SPACE MARK

From: David Starner <prosfilaes_at_gmail.com>
Date: Tue, 21 Jul 2015 05:05:11 +0000

It's a confusable. There's a lot of them in Unicode. Auditing source code
is hard, and if it's a concern, I suggest filtering out all non-ASCII
characters.

If you really think it's a concern, let's be specific; what do you mean
this kind of behavior in bank transactions? If you're worried about the
bank's JavaScript, you already have to trust code written for OS/360 that
the bank considers proprietary and to be keep deeply hidden, as if you
could read GOTO-laden PL/I anyway.

On Mon, Jul 20, 2015 at 8:49 AM "Jörg Knappen" <jknappen_at_web.de> wrote:

> I stumbled over a very strange snippet of javascript code, where an
> apparent
> minus sign is interpreted as a space here:
>
> http://stackoverflow.com/questions/31507143/why-does-2-40-equal-42
>
> Imagine such kind of behaviour in bank transactions ...
>
> --Jörg Knappen
>
Received on Tue Jul 21 2015 - 00:07:02 CDT

This archive was generated by hypermail 2.2.0 : Tue Jul 21 2015 - 00:07:04 CDT