> so I don't really see the point of adding extra
> decoding and encoding all over the place

Because it's security relevant. By now the article
<http://perlmonks.org/?node_id=644786> should be well-known. Yes,
this specific circumstance shown there is difficult to trigger and
exploit. That's not the point. One must be in the correct mindset that
even character encoding can be an attack vector.

As a Perl programmer, you must be aware of the difference between UTF8
and UTF-8 and how decoding at the perimeter (instead of passing
through, as you described) is beneficial.


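The difference between Encode's lax `utf8` and strict `UTF-8` decoders, and a decode-at-the-perimeter check built on the strict one, shown as an added example that is not part of the original message. The helper names (`try_decode`, `decode_at_perimeter`, `describe`) are hypothetical and the sample octets are constructed.

```perl
use strict;
use warnings;
use Encode qw(decode FB_CROAK LEAVE_SRC);

# Constructed sample octets, as they might arrive in a request parameter.
my @samples = (
    [ 'valid (e with acute)' => "caf\xC3\xA9"      ],
    [ 'surrogate U+D800'     => "\xED\xA0\x80"     ],
    [ 'above U+10FFFF'       => "\xF4\x90\x80\x80" ],
    [ 'truncated sequence'   => "caf\xC3"          ],
);

# Decode $octets with the named Encode encoding. FB_CROAK makes malformed
# input fatal instead of substituting U+FFFD; LEAVE_SRC keeps $octets intact.
# Returns the character string, or undef if the decoder rejected the input.
sub try_decode {
    my ($encoding, $octets) = @_;
    my $chars = eval { decode($encoding, $octets, FB_CROAK | LEAVE_SRC) };
    return $chars;
}

# Hypothetical perimeter helper: the one place where request octets become
# Perl characters. It uses the strict decoder and refuses anything else,
# so code behind it never sees ill-formed sequences.
sub decode_at_perimeter {
    my ($octets) = @_;
    my $chars = try_decode('UTF-8', $octets);
    die "input is not well-formed UTF-8\n" unless defined $chars;
    return $chars;
}

# Render a decoded string as a list of code points, or 'rejected' for undef.
sub describe {
    my ($chars) = @_;
    return 'rejected' unless defined $chars;
    return join ' ', map { sprintf 'U+%04X', ord($_) } split //, $chars;
}

for my $sample (@samples) {
    my ($label, $octets) = @$sample;
    printf "%-22s lax utf8: %-28s strict UTF-8: %s\n", $label,
        describe(try_decode('utf8',  $octets)),
        describe(try_decode('UTF-8', $octets));
    my $ok = eval { decode_at_perimeter($octets); 1 };
    printf "%-22s perimeter: %s\n", '', $ok ? 'accepted' : 'refused';
}
```
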
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
