RE: Encoding Standard (was: RE: Encoding API exceptions)

> E.g. if you can control a field of some JSON
> through a URL you could load the JSON through a <script> and get some of
> the user's data out by executing a function of sorts due to JSON being
> decoded in a different way from how the server expected it to.

I know this is nit-picking but I was under the impression that the *only* encodings supported for JSON were UTF-8, UTF-16, and UTF-32 (with UTF-8 as the default)? 

This issue could, of course, still occur for a JSON-like script file in a legacy encoding or for JS data inside a legacy-encoded HTML file that is loaded through a <script>. But that's not JSON, per-se, is it? 


Received on Monday, 10 November 2014 19:32:29 UTC