projects / platform / upstream / dotnet / runtime.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 76f1d29) | patch
Defense-in-depth: Web encoders should escape BOM U+FEFF (dotnet/corefx#39815)
authorLevi Broderick <GrabYourPitchforks@users.noreply.github.com>
Tue, 30 Jul 2019 17:40:47 +0000 (10:40 -0700)
committerGitHub <noreply@github.com>
Tue, 30 Jul 2019 17:40:47 +0000 (10:40 -0700)
commit621fe7e242f18fad97aaf3dd394322fb48ac6768
tree0f7de2b303cf23b7b7e89c6c4ebd7e06187d2430tree | snapshot
parent76f1d296fb4d190900ed5325bc83f9b8935f941acommit | diff
Defense-in-depth: Web encoders should escape BOM U+FEFF (dotnet/corefx#39815)

As a defense-in-depth mechanism, HtmlEncoder and related types should always encode the Unicode Byte Order Mark (U+FEFF), even if the caller passes a bitmap that lists this as an allowed code point. This helps provide protection for misbehaving clients which incorrectly strip the Byte Order Mark from input sequences.

Commit migrated from https://github.com/dotnet/corefx/commit/9d6729a940952dcc14dc8683218684f4da29198a
src/libraries/System.Text.Encodings.Web/src/System/Text/Unicode/UnicodeHelpers.generated.cs diff | blob | history
src/libraries/System.Text.Encodings.Web/tests/UnicodeHelpersTests.cs diff | blob | history
src/libraries/System.Text.Encodings.Web/tools/GenDefinedCharList/Program.cs diff | blob | history
Domain: Dotnet / Core;