W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > November 2010

[Bug 11337] Some ASCII-compatible encodings have harmless substitutions

From: <bugzilla@jessica.w3.org>
Date: Thu, 18 Nov 2010 22:13:50 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PJCjm-0005UB-18@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11337

Aryeh Gregor <Simetrical+w3cbug@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Simetrical+w3cbug@gmail.com

--- Comment #7 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2010-11-18 22:13:48 UTC ---
Backslash has special meaning in JS and CSS, which are normally embedded in
HTML, so using a character set where that byte has a different meaning could
indeed lead to vulnerabilities.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 18 November 2010 22:13:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 18 November 2010 22:14:00 GMT