On 3/29/2011 2:23 PM, Michael Foord wrote:
Not sure how real the security risk is here:
http://blog.omega-prime.co.uk/?p=107
Basically he is saying that if you store a list of blacklisted files
with names encoded in big-5 (or some other non-utf8 compatible encoding)
if those names are passed at the command line, or otherwise read in and
decoded from an assumed-utf8 source with surrogate escaping, the
surrogate escape decoded names will not match the properly decoded
blacklisted names.
I posted link to this as comment, with my summary of thread.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
