[Catalyst] Backlog for proposed changes in next Catalyst release

Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 daxim at cpan.org
Thu Jun 27 20:41:26 GMT 2013


> so I don't really see the point of adding extra
> decoding and encoding all over the place
Because it's security relevant. By now the article
<http://perlmonks.org/?node_id=644786> should be well-known. Yes,
this specific circumstance shown there is difficult to trigger and
exploit. That's not the point. One must be in the correct mindset that
even character encoding can be an attack vector.

As a Perl programmer, you must be aware of the difference between UTF8
and UTF-8 and how decoding at the perimeter (instead of passing
through, as you described) is beneficial.
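The distinction the message draws between UTF8 and UTF-8, shown as an added example that is not part of the original post or of Catalyst: Encode's strict `UTF-8` rejects encoded surrogates and code points above U+10FFFF, while the lax `utf8` lets them through. The helper name `decode_at_perimeter` and the sample octets are assumptions made for illustration.

```perl
use strict;
use warnings;
use Encode qw(decode find_encoding FB_CROAK LEAVE_SRC);

# "UTF-8" and "utf8" are different encodings in Encode: the first is the
# strict standard form, the second is Perl's lax superset.
printf "%-5s => %s\n", $_, find_encoding($_)->name for qw(UTF-8 utf8);

# Hypothetical perimeter helper: strict decode, fatal on malformed octets.
# LEAVE_SRC stops decode() from modifying the caller's buffer.
sub decode_at_perimeter {
    my ($octets) = @_;
    my $chars = eval { decode('UTF-8', $octets, FB_CROAK | LEAVE_SRC) };
    return $chars;    # undef means "reject the request"
}

# Show a decoded string as code points so nothing odd reaches the terminal.
sub codepoints {
    return join ' ', map { sprintf 'U+%04X', ord } split //, $_[0];
}

# Constructed sample octets, as they might arrive in a request parameter.
my @samples = (
    [ 'valid (U+00E9)'            => "caf\xC3\xA9"      ],
    [ 'encoded surrogate U+D800'  => "\xED\xA0\x80"     ],
    [ 'code point above U+10FFFF' => "\xF4\x90\x80\x80" ],
    [ 'truncated sequence'        => "caf\xC3"          ],
);

for my $sample (@samples) {
    my ($label, $octets) = @$sample;
    my $strict = decode_at_perimeter($octets);
    my $lax    = decode('utf8', $octets);    # default CHECK: never dies
    printf "%-28s strict: %-22s lax: %s\n", $label,
        defined $strict ? codepoints($strict) : 'REJECTED',
        codepoints($lax);
}
```

Code behind the perimeter then only ever sees character strings that passed the strict decode; output is encoded once on the way out.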