W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: UTF-8 in URIs

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 17 Jan 2014 11:18:16 +0100
Message-ID: <909ef298fd66dc4dba47544f032f36b2.squirrel@arekh.dyndns.org>
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Gabriel Montenegro" <gabriel.montenegro@microsoft.com>, "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Zhong Yu" <zhong.j.yu@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "Osama Mazahir" <osamam@microsoft.com>, "Dave Thaler" <dthaler@microsoft.com>, "Mike Bishop" <michael.bishop@microsoft.com>, "Matthew Cox" <macox@microsoft.com>

Le Jeu 16 janvier 2014 22:32, Julian Reschke a écrit :

> A proxy does not need to normalize. Full stop. There is no issue here,

A security proxy does need to normalize. Full stop. Otherwise malware can
trivially bypass security blocks by fuzzing encoding enough the proxy does
not realize anymore the block needs to be applied.

-- 
Nicolas Mailhot
Received on Friday, 17 January 2014 10:18:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC