full-disclosure-uk May 2007 archive

Re: [Full-disclosure] noise about full-width encoding bypass?

From: Brian Eaton <eaton.lists_at_nospam>
Date: Mon May 21 2007 - 19:28:27 GMT
To: ascii <ascii@katamail.com>


On 5/21/07, ascii <ascii@katamail.com> wrote:
> Brian Eaton wrote:
> > To summarize what I've heard from various sources: I am missing
> > something important. =) Both PHP and ASP.NET will decode these
> > characters into their ASCII equivalents.
>
> (AFAIK)
>
> Only ASP.NET/IIS decodes that automatically.
>
> PHP *can* do that, like JSP and probably others, but that has
> to happen explicitly in the application code or on another layer.

(Cracking up that somebody going by the handle ascii is commenting on character encoding issues. =)

Given how few application platforms decode full-width Unicode to ASCII equivalents, is there a case to be made that those application platforms that do decide this conversion is a good idea are broken?

Put another way: should this be considered a bug in ASP.NET?

Regards,
Brian



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
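
An added example, not part of the original message or thread: it shows why a filter that inspects input before a platform folds full-width forms to ASCII reaches a different verdict than one that inspects the folded text. The platform's decoding is modelled here, as an assumption, by the Unicode compatibility mapping of U+FF01..U+FF5E onto U+0021..U+007E; the deny-list, function names and sample string are constructed for illustration.

```python
import unicodedata

# Full-width ASCII variants occupy U+FF01..U+FF5E; each sits exactly
# 0xFEE0 above the ASCII character it is a compatibility form of.
FULLWIDTH_FIRST, FULLWIDTH_LAST = 0xFF01, 0xFF5E
FOLD_OFFSET = 0xFEE0

# Constructed deny-list standing in for an application-level input filter.
BLOCKED = set("<>\"'")


def fold_fullwidth(text):
    """Fold full-width forms to ASCII (assumed model of the platform decoding)."""
    return "".join(
        chr(ord(c) - FOLD_OFFSET)
        if FULLWIDTH_FIRST <= ord(c) <= FULLWIDTH_LAST else c
        for c in text
    )


def naive_filter_allows(text):
    """Filter that looks at the raw input only, before any folding."""
    return not any(c in BLOCKED for c in text)


def hardened_filter_allows(text):
    """Same deny-list, applied to the form the application will actually see."""
    return naive_filter_allows(fold_fullwidth(text))


def fullwidth_findings(text):
    """List (index, code point, folded char) for logging or alerting."""
    return [
        (i, "U+%04X" % ord(c), chr(ord(c) - FOLD_OFFSET))
        for i, c in enumerate(text)
        if FULLWIDTH_FIRST <= ord(c) <= FULLWIDTH_LAST
    ]


# Constructed sample: full-width less-than and greater-than around "b".
SAMPLE = "\uff1cb\uff1e"

if __name__ == "__main__":
    print("naive filter allows:   ", naive_filter_allows(SAMPLE))
    print("hardened filter allows:", hardened_filter_allows(SAMPLE))
    print("findings:", fullwidth_findings(SAMPLE))
    # Cross-check the offset model against the standard library's NFKC tables.
    print("matches NFKC:", fold_fullwidth(SAMPLE) == unicodedata.normalize("NFKC", SAMPLE))
```

On a platform that does not fold these characters, the raw and folded views are the same string as far as the application is concerned, so the two filters agree; the gap only exists where decoding happens after the check.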