- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 25 Jan 2019 01:05:06 -0800
- To: whatwg/encoding <encoding@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 25 January 2019 09:05:28 UTC
Thanks for that analysis, I guess that is indeed a novel angle that I'm not sure was fully considered. That would affect most legacy encodings to some extent, including Shift_JIS I suspect (we tend to unwind for ASCII bytes as a general principle). Since most implementations are now aligned I wonder to what extent they want to change this again. At the very least we should add a warning somewhere or maybe add a paragraph to the security considerations that suggests that if you're using a legacy encoding, you have to be sure that it's identical to those defined and that otherwise you need to account for the difference in behavior being exploited. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/encoding/issues/171#issuecomment-457504032
Received on Friday, 25 January 2019 09:05:28 UTC