- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 25 Jan 2016 15:59:09 -0800
- To: whatwg/encoding <encoding@noreply.github.com>
Received on Monday, 25 January 2016 23:59:38 UTC
> Also, step 9 returns an error on an unencodable character without resetting the encoding mode; in the HTML error mode, this could result in encoding HTML escapes in JIS0208 mode, rather than ASCII mode -- another potential XSS issue. No, that seems false. The HTML error mode outputs ASCII code points. When the encoder algorithm is next invoked with one of those code points, the state will be reset as appropriate. I also don't understand why I'd modify HTML's error mode. The whole specification is built around being able to return a code point together with the error. If your implementation is not that's fine, you don't have to implement it in the same way. I think it would be way weird for HTML's error mode to have a weird case for iso-2022-jp. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/encoding/issues/15#issuecomment-174736489
Received on Monday, 25 January 2016 23:59:38 UTC