- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 03 Dec 2014 15:42:27 +0100
- To: Mathias Bynens <mathiasb@opera.com>
- CC: Boris Zbarsky <bzbarsky@mit.edu>, WebAppSec WG <public-webappsec@w3.org>
On 2014-12-03 15:35, Mathias Bynens wrote: > On Wed, Dec 3, 2014 at 2:42 PM, Julian Reschke <julian.reschke@gmx.de> wrote: >> On 2014-12-02 20:30, Boris Zbarsky wrote: >>> Maybe I should have made that mode clear. A bunch of people are >>> apparently "doing JSON" by calling eval on the received bytes or some >>> such insanity. That will work with the escapes, but not with UTF-8. >> >> Oops. It won't? > > Consider a JSON-serialized string containing a raw U+200B or U+200C > symbol. (See <https://speakerdeck.com/mathiasbynens/hacking-with-unicode?slide=135> > and next slides for some more examples.) Ah, that problem. Boris, is that what you had in mind? Best regards, Julian
Received on Wednesday, 3 December 2014 14:43:01 UTC