[Bug 11337] New: Some ASCII-compatible encodings have harmless substitutions from bugzilla@jessica.w3.org on 2010-11-17 (public-html@w3.org from November 2010)

From: <bugzilla@jessica.w3.org>
Date: Wed, 17 Nov 2010 19:07:07 +0000
To: public-html@w3.org
Message-ID: <bug-11337-2495@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=11337

           Summary: Some ASCII-compatible encodings have harmless
                    substitutions
           Product: HTML WG
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: yuhongbao_386@hotmail.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


"Encodings in which a series of bytes in the range 0x20 to 0x7E can encode
characters other than the corresponding characters in the range U+0020 to
U+007E represent a potential security vulnerability:"
What this doesn't mention is that some ASCII-compatible encodings like
Shift-JIS have harmless substitutions, such as replacing the backslash with the
yen sign, which is OK because it is not used much (if at all) in HTML.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Wednesday, 17 November 2010 19:07:09 UTC