imranceh / browsersec

Automatically exported from code.google.com/p/browsersec
0 stars 0 forks source link

HTML UNUSED DOCSET #24

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Do you have any study how browsers behave if the receive raw or entities 
withing unused sets ?

    * 0 to 31, except 9, 10, and 13 (C0 control characters)
    * 127 (DEL character)
    * 128 to 159 (C1 control characters)
    * 55296 to 57343 (xD800-xDFFF, the UTF-16 surrogate halves)

Original issue reported on code.google.com by a.in.th...@gmail.com on 24 Sep 2010 at 6:55

GoogleCodeExporter commented 9 years ago
I presume you're talking about these appearing in Unicode HTML documents.

I would presume they are either displayed as <?> or mapped based on ISO-8859-1. 
Do you expect this to be of relevance to security?

Original comment by lcam...@gmail.com on 24 Sep 2010 at 7:21

GoogleCodeExporter commented 9 years ago
Without additional data, this bug is not actionable.

Original comment by lcam...@gmail.com on 21 Feb 2011 at 7:06

GoogleCodeExporter commented 9 years ago
sorry this was not ment as DEFECT, just inspiration for deeper investigation.
I have mailed you PDF with browser  displays in various encodings.
but feel free to ignore... I will remind you later with targeted CVEs ;-)

Original comment by a.in.th...@gmail.com on 21 Feb 2011 at 10:44