W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [CSP3] Please define the encoding used for violation reports

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 03 Dec 2014 15:42:27 +0100
Message-ID: <547F2153.1060502@gmx.de>
To: Mathias Bynens <mathiasb@opera.com>
CC: Boris Zbarsky <bzbarsky@mit.edu>, WebAppSec WG <public-webappsec@w3.org>
On 2014-12-03 15:35, Mathias Bynens wrote:
> On Wed, Dec 3, 2014 at 2:42 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
>> On 2014-12-02 20:30, Boris Zbarsky wrote:
>>> Maybe I should have made that mode clear.  A bunch of people are
>>> apparently "doing JSON" by calling eval on the received bytes or some
>>> such insanity.  That will work with the escapes, but not with UTF-8.
>>
>> Oops. It won't?
>
> Consider a JSON-serialized string containing a raw U+200B or U+200C
> symbol. (See <https://speakerdeck.com/mathiasbynens/hacking-with-unicode?slide=135>
> and next slides for some more examples.)

Ah, that problem.

Boris, is that what you had in mind?

Best regards, Julian
Received on Wednesday, 3 December 2014 14:43:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC