- Subject: Re: Support of kepler, sputnik, etc and security risks
- From: Jim Whitehead II <jnwhiteh@...>
- Date: Sun, 18 Oct 2009 10:33:20 +0100
2009/10/18 Fernando P. García <fernando@develcuy.com>:
> Example 1:
> UTF-8 cross site scripting
> http://xforce.iss.net/xforce/xfdb/39619
>
> Example 2:
> UTF8 encoded HTML code execution
> http://xforce.iss.net/xforce/xfdb/26766
>
> More and more:
> http://webapp.iss.net/Search.do?searchType=keywd&x=0&y=0&keyword=utf8

Most if not all of these have to do with the processing of UTF-8
strings, something which none of the applications you brought up have
to do. The XSS attack is, indeed, a web browser issue.

Lua treats UTF-8 strings as distinct strings. If they're wrong,
they're wrong. This doesn't affect Kepler, Sputnik or any of the
other frameworks in any way that I can see.

- Jim