Latest news in the bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=430740#c42
Igor wrote:
"So MSIE simply treats BOM as a whitespace for the purpose of
parsing. Which
suggests to do this in SM to fix the bug: treat BOM as one of Unicode
whitespace characters in the scanner avoiding any chara
Igor Bukanov wrote:
> It seems the current IE7/IE8 behavior is to allow Cf only in srtring
> and regexp literals and to allow BOM only in string/regexps or at the
> beginning of the source,
Precisely what does "in string and regexp literals" mean? The exact
interpretation of this phrase is the c
It seems the current IE7/IE8 behavior is to allow Cf only in srtring
and regexp literals and to allow BOM only in string/regexps or at the
beginning of the source, see
https://bugzilla.mozilla.org/show_bug.cgi?id=430740#c32 . This is very
reasonable.
Igor
__
On Tue, Jul 15, 2008 at 11:27 AM, Igor Bukanov <[EMAIL PROTECTED]> wrote:
> 2008/7/15 Mark Miller <[EMAIL PROTECTED]>:
> > As we've found with the ES3-specified stripping of Cf characters, the
> main
> > effect of such transparent stripping of characters is to help attackers
> slip
> > XSS attacks
2008/7/15 Mark Miller <[EMAIL PROTECTED]>:
> As we've found with the ES3-specified stripping of Cf characters, the main
> effect of such transparent stripping of characters is to help attackers slip
> XSS attacks past defensive filters. ES3.1 agrees with ES4 that BOMs and Cfs
> should be treated as
On Tue, Jul 15, 2008 at 11:00 AM, Igor Bukanov <[EMAIL PROTECTED]> wrote:
> 2008/7/15 Ash Berlin <[EMAIL PROTECTED]>:
> >
> > I'd say that a BOM should be treated just like any ordinary whitespace
> > char - namely that it should invalid in spaces, and beyond that why is
> > any conversion needed,
2008/7/15 Ash Berlin <[EMAIL PROTECTED]>:
>
> I'd say that a BOM should be treated just like any ordinary whitespace
> char - namely that it should invalid in spaces, and beyond that why is
> any conversion needed, since its a valid unicode character...
The problem comes from the current ES3 imple
On 15 Jul 2008, at 18:39, Ash Berlin wrote:
>
> On 15 Jul 2008, at 18:22, Igor Bukanov wrote:
>
>> The currently proposed rule for byte-order-mark (BOM) characters in
>> ES4 sources is to replace them by whitespace outside of tokens. But
>> what is exactly the tokens in a case like --?
>>
>> AFAI
On 15 Jul 2008, at 18:22, Igor Bukanov wrote:
> The currently proposed rule for byte-order-mark (BOM) characters in
> ES4 sources is to replace them by whitespace outside of tokens. But
> what is exactly the tokens in a case like --?
>
> AFAICS it would be treated as - - turning cases like:
> --
The currently proposed rule for byte-order-mark (BOM) characters in
ES4 sources is to replace them by whitespace outside of tokens. But
what is exactly the tokens in a case like --?
AFAICS it would be treated as - - turning cases like:
--a;
into
- -a;
versus
--a;
that would be with current E
10 matches
Mail list logo