After some thinking, my current opinion is:

1. Maybe NFC is better than NFKD, but I am not a Unicode expert.

2. I think the real bug is the order of escaping and normalization. The
normalization (if it is a must) should be performed earlier, right after valStr
is created, and only performed on valStr. Otherwise the NFKD normalization would
generate new chars that need to be escaped. Again I am not a Unicode expert and
I don't know if NFC will also do the same.

If 2) is fixed, whatever is correct in 1) does not matter much.

Thanks
Max

> On Sep 19, 2016, at 10:32 AM, Xuelei Fan <xuelei....@oracle.com> wrote:
> 
>> 4. Is it possible to perform normalization before escaping special 
>> characters?
>> 
> Yes.  I thought about this case.  The current fix comes from the fact that
> UTF-8 "Hello, world!" and "Hello, world!" should be different. Parsing them 
> as the same thing may result in unexpected serious issues.
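
The ordering question discussed in this message, as an added example that is not part of the original thread or of the JDK code. It uses Python's `unicodedata` because the normalization behaviour is defined by Unicode, not by the language. The simplified escaper, the function names and the sample values are assumptions constructed for illustration.

```python
import unicodedata

# Characters RFC 2253 requires escaping inside an attribute value.
SPECIALS = set(',+"\\<>;')

def escape(value):
    """Backslash-escape specials (simplified: ignores leading '#'/space rules)."""
    return "".join("\\" + c if c in SPECIALS else c for c in value)

def escape_then_normalize(value, form="NFKD"):
    """The order the message identifies as the bug."""
    return unicodedata.normalize(form, escape(value))

def normalize_then_escape(value, form="NFKD"):
    """The order the message proposes: normalize the raw value first."""
    return escape(unicodedata.normalize(form, value))

def unescaped_specials(s):
    """Return the special characters in s not preceded by a backslash."""
    found, i = [], 0
    while i < len(s):
        if s[i] == "\\":
            i += 2          # skip the backslash and the character it escapes
            continue
        if s[i] in SPECIALS:
            found.append(s[i])
        i += 1
    return found

# Constructed sample values.
SAMPLES = {
    "fullwidth comma U+FF0C": "Hello\uff0c world!",   # compatibility mapping to ','
    "Greek question mark U+037E": "a\u037eb",         # canonical mapping to ';'
}

def report():
    """For each sample and form: specials left unescaped by each ordering."""
    rows = []
    for label, value in SAMPLES.items():
        for form in ("NFKD", "NFC"):
            rows.append((label, form,
                         unescaped_specials(escape_then_normalize(value, form)),
                         unescaped_specials(normalize_then_escape(value, form))))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

NFC leaves U+FF0C alone but still maps U+037E to `;`, so escaping before normalizing can leave an unescaped special under either form. With normalization first, the fullwidth-comma value and its ASCII spelling produce the same escaped string, so any comparison built on that output treats them as equal.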
