[Webkit-unassigned] [Bug 42112] U+0000 is turned to U+FFFD (replacement character)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 15 08:10:30 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42112
--- Comment #13 from Alexey Proskuryakov <ap at webkit.org> 2010-07-15 08:10:30 PST ---
Yes, that certainly addresses the known practical issues.
In general, I think that the more complicated null handling gets, the more potential security issues there are. The recent security problems with nulls that I know of were all caused by stripping them in tokenizer instead of passing as is, which some software did, and some didn't perform. Converting nulls to U+FFFD will be a unique trait of HTML5 processing, so it will likely always remain an unexpected feature for many.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list