Write-up of CVE-2015-1287 and CVE-2015-5826: Data exfiltration abusing CSS + UTF-16, one of my greatest findings! http://blog.innerht.ml/cross-origin-css-attacks-revisited-feat-utf-16/ …
@FakeUnicode I know, but where is it discouraged in the *standard* itself? +@ericlaw @filedescriptor
@mathias @FakeUnicode @filedescriptor It isn't. But it's also fair to say that the UTF8 BOM is uncommon in web responses.
@ericlaw @mathias @filedescriptor Per 8.0 specs, the "common/important" uses are themselves disappearing slowly. pic.twitter.com/jfUsQZ9NB4