lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Example 1:
UTF-8 cross site scripting
http://xforce.iss.net/xforce/xfdb/39619

Example 2:
UTF8 encoded HTML code execution
http://xforce.iss.net/xforce/xfdb/26766

More and more:
http://webapp.iss.net/Search.do?searchType=keywd&x=0&y=0&keyword=utf8

Blessings!

On Sat, Oct 17, 2009 at 7:29 PM, Jim Whitehead II <[email protected]> wrote:
On Sat, Oct 17, 2009 at 8:51 PM, Petite Abeille <[email protected]> wrote:
>
> On Oct 17, 2009, at 10:39 PM, David Given wrote:
>
>> There isn't really a good solution to this --- it's one of the reasons
>> why Unicode domain names have never really taken off.
>
> Hmmm... this is not really related to "kepler, sputnik, etc", isn't it?

Precisely my point.  Why does a web server need to be concerned with
this?  What's the attack vector?

- Jim



--
Fernando P. García, http://www.develcuy.com
Developer - Analista de Sistemas
+51 1 9 8991 7871, Calle Santa Catalina Ancha #377, Cusco -Perú

** Antes de imprimir este mensaje piensa en tu compromiso con el medio ambiente, protegerlo depende de tí.