Re: [encoding] Serializing internal TextDecoder state? (#7)

Many decoders are stateful, so there's more than just the pending bytes in the internal stream.

Blink relies on ICU for non-UTF/non-Latin1 conversions. I'm not an ICU expert (or even a novice, really). It's unclear to me if the API allows for access to the pending buffers (it does give access to the *counts* of the buffers), and I don't see anything giving access to the other internal state.

Even if it did give access to the internal state in an opaque way, it seems like security bugs waiting to happen to prime that state with user-supplied byte data.

So... unless someone who knows far more about ICU than I do chimes in (I'll ping jshin), I'd rate this as "non-trivial".

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/encoding/issues/7#issuecomment-121058791

Received on Monday, 13 July 2015 21:05:10 UTC
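
The point above that a decoder holds more state than its pending bytes can be seen even in the UTF-8 decoder, without any ICU legacy converter. The following is an added example, not code from the message or from Blink: `pendingUtf8Tail` and `resumeFromPendingOnly` are hypothetical helpers that model a "serialization" keeping only the pending bytes, and the byte chunks are constructed sample input.

```javascript
// Trailing bytes of `bytes` that form an incomplete UTF-8 sequence (the "pending" bytes).
function pendingUtf8Tail(bytes) {
  for (let back = 1; back <= 3 && back <= bytes.length; back++) {
    const b = bytes[bytes.length - back];
    if ((b & 0xC0) === 0x80) continue;            // continuation byte: keep looking for the lead
    const need = b >= 0xF0 ? 4 : b >= 0xE0 ? 3 : b >= 0xC0 ? 2 : 1;
    return need > back ? bytes.slice(bytes.length - back) : new Uint8Array(0);
  }
  return new Uint8Array(0);
}

// Reference behaviour: one decoder instance carried across all chunks.
function continuous(chunks) {
  const d = new TextDecoder('utf-8');
  return chunks.map(c => d.decode(c, { stream: true })).join('') + d.decode();
}

// Hypothetical snapshot/restore: after each chunk only the pending bytes survive,
// and decoding resumes in a fresh decoder, so every other piece of state is lost.
function resumeFromPendingOnly(chunks) {
  let pending = new Uint8Array(0);
  let out = '';
  for (const c of chunks) {
    const input = new Uint8Array(pending.length + c.length);
    input.set(pending);
    input.set(c, pending.length);
    pending = pendingUtf8Tail(input);
    const complete = input.subarray(0, input.length - pending.length);
    out += new TextDecoder('utf-8').decode(complete);
  }
  return out;
}

// Constructed input 1: "é" (C3 A9) split across two chunks. Pending bytes are enough here.
const splitChar = [Uint8Array.of(0x61, 0xC3), Uint8Array.of(0xA9, 0x62)];
// Constructed input 2: second chunk begins with U+FEFF (EF BB BF). No bytes are pending,
// yet the decoder's "BOM seen" flag decides whether U+FEFF is kept or stripped.
const bomLater = [Uint8Array.of(0x61), Uint8Array.of(0xEF, 0xBB, 0xBF, 0x62)];

for (const [name, chunks] of [['splitChar', splitChar], ['bomLater', bomLater]]) {
  const a = continuous(chunks);
  const b = resumeFromPendingOnly(chunks);
  console.log(name, JSON.stringify(a), JSON.stringify(b), a === b ? 'same' : 'DIFFERENT');
}
```

For the second input the restored decoder silently drops a character that the continuous decoder preserves, so a state format limited to pending bytes already changes output for UTF-8.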