|Main Archive Page > Month Archives > websecurity archives|
We've seen UTF7 based xss (example google http://www.securiteam.com/securitynews/6Z00L0AEUE.html) exploited in the wild and I'm wondering is there ever a situation where UTF7 is required for a website to work? Are there certain charsets/languages that will not render/function properly unless UTF7 is used (I'm thinking no)?
It seems to me you could just set UTF8 as a requirement (specified in headers/meta) and avoid these utf7 xss issues. Any encoding ninja's care to comment?
Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]