[Catalyst] Re: mod_perl converts latin1 to utf8 !?
Aristotle Pagaltzis
pagaltzis at gmx.de
Mon Dec 22 23:55:43 GMT 2008
* Jonathan Rockway <jon at jrock.us> [2008-12-22 22:00]:
> my $data = Encode::decode('utf8', $raw_data);
> process($data);
> print Encode::encode('utf8', $data);
Use `UTF-8`, not `utf8`. The lowercase non-dash version will
perform purely the integer representation conversion but will
not do any validity checks, such as whether an octet sequence
actually decodes to a valid codepoint or if it is even well-
formed, so it could be used to hide XSS or other injection
attacks.
It’s annoying that Perl makes the lazy choice the wrong one.
Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
More information about the Catalyst
mailing list