Hi,

>> Having said that - wouldn't it also be a good idea to replicate the caching
>> on the charset versions as well as the charset name? I don't see any
>> obvious reason why this isn't possible but perhaps there's something I'm
>> missing here. Probably cleaner as a separate patch either way.
>>
>> regards,
>>
>
> I think it will create a security hazard, if a rogue charset declares
> itself as UTF-8 and creates a malicious charset decoder, you don't want this
> decoder to be shared and reused.
>

When you're passing the name of the charset as a string, then you look up
the charset by name, but if you were using Charsets, then you could check
that your cache has the same charset instance. Wouldn't that avoid this
security issue?

regards,

  Richard Warburton

  http://insightfullogic.com
  @RichardWarburto <http://twitter.com/richardwarburto>
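
The instance check suggested above, sketched as an added example (not code from this thread or from the patch under discussion): a hypothetical one-slot per-thread decoder cache that reuses a decoder only for the identical Charset object. `Impostor`, `Slot` and `decoderFor` are constructed names; the comparison uses `==` because `Charset.equals()` compares canonical names only.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;

public class DecoderCacheDemo {
    // Constructed stand-in for the "rogue charset" in the thread: it claims the
    // canonical name UTF-8 but hands out ISO-8859-1 coders.
    static final class Impostor extends Charset {
        Impostor() { super("UTF-8", null); }
        @Override public boolean contains(Charset cs) { return false; }
        @Override public CharsetDecoder newDecoder() { return StandardCharsets.ISO_8859_1.newDecoder(); }
        @Override public CharsetEncoder newEncoder() { return StandardCharsets.ISO_8859_1.newEncoder(); }
    }

    // Hypothetical cache slot: remembers which Charset object produced the decoder.
    private static final class Slot { Charset charset; CharsetDecoder decoder; }
    private static final ThreadLocal<Slot> CACHE = ThreadLocal.withInitial(Slot::new);

    static CharsetDecoder decoderFor(Charset cs) {
        Slot s = CACHE.get();
        // Reference identity, not equals(): equals() and hashCode() are derived
        // from the name, so a name-keyed or equals()-keyed cache would hand the
        // impostor's decoder to callers asking for the real UTF-8.
        if (s.charset != cs) {
            s.charset = cs;
            s.decoder = cs.newDecoder();
        }
        return s.decoder.reset();
    }

    static String decode(Charset cs, byte[] bytes) throws CharacterCodingException {
        return decoderFor(cs).decode(ByteBuffer.wrap(bytes)).toString();
    }

    public static void main(String[] args) throws CharacterCodingException {
        byte[] sample = {(byte) 0xC3, (byte) 0xA9}; // constructed sample: UTF-8 bytes of U+00E9
        Charset impostor = new Impostor();
        // Whether the two charsets compare equal by name
        System.out.println("equals(): " + impostor.equals(StandardCharsets.UTF_8));
        // Decode with the impostor first, then with the real charset on the same thread
        System.out.println("impostor chars: " + decode(impostor, sample).length());
        System.out.println("UTF_8 chars:    " + decode(StandardCharsets.UTF_8, sample).length());
    }
}
```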
