Unicode non-character being treat as space on Firefox/Chrome
Mark S. Miller
erights at google.com
Thu May 25 13:04:58 UTC 2017
What is the relevant EcmaScript standards text that would delegate to this?
Even if Unicode implies an undefined case, EcmaScript should not. If
EcmaScript behavior for such cases is undefined, we should define it.
On Thu, May 25, 2017 at 9:01 AM, Michał Wadas <michalwadas at gmail.com> wrote:
> I believe that Unicode specification make it undefined behaviour.
>
> In effect, noncharacters can be thought of as application-internal
> private-use code points. Unlike the private-use characters discussed in
> Section 16.5, Private-Use Characters, which are assigned characters and
> which are intended for use in open interchange, subject to interpretation
> by private agreement, noncharacters are permanently reserved (unassigned)
> and have no interpretation whatsoever outside of their possible
> application-internal private uses
>
> http://www.unicode.org/versions/Unicode6.0.0/ch16.pdf
>
>
>
> On Thu, May 25, 2017 at 12:33 PM, Gareth Heyes <
> gareth.heyes at portswigger.net> wrote:
>
>> Hi all
>>
>> Not sure if this is a bug or not. Non-character is being treated as a
>> space even though it's not defined as one. Edge and Safari treat it as an
>> invalid character.
>>
>> ```javascript
>> �alert�(1)�
>> ```
>>
>> In case the characters get mangled:
>> ```javascript
>> eval("alert"+String.fromCharCode(65534)+"(1)");
>> ```
>>
>> Cheers
>> Gareth
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>>
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
>
--
Cheers,
--MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20170525/811666bd/attachment.html>
More information about the es-discuss
mailing list