
This sort of stuff can be the basis for many XSS attacks, see http://websec.github.io/unicode-security-guide/character-tra...

For instance, \u2329, \uFE64, \uFF1C and \u3008 can be best-fitted automatically to \u003C (the regular '<' mark in HTML).
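
An added example (not part of the comment above or of the linked guide) showing why the order of HTML escaping and lossy charset conversion matters for these code points, plus a pre-conversion check. `to_legacy` and its four-entry table are stand-ins built only from the characters named above; a real converter's best-fit table depends on the target code page.

```python
import html
import unicodedata

# The four code points named in the comment, each best-fitted to U+003C.
# Constructed table: a real best-fit table depends on the target code page.
BEST_FIT = {"\u2329": "<", "\uFE64": "<", "\uFF1C": "<", "\u3008": "<"}
HTML_SIGNIFICANT = set("<>&\"'")


def to_legacy(text):
    """Stand-in for a lossy converter that best-fits instead of failing."""
    return "".join(BEST_FIT.get(ch, ch) for ch in text)


def risky_chars(text):
    """Report non-ASCII characters that become HTML-significant ASCII under
    the best-fit table or under NFKC compatibility normalization."""
    hits = []
    for i, ch in enumerate(text):
        if ord(ch) < 0x80:
            continue
        folded = set(BEST_FIT.get(ch, ch)) | set(unicodedata.normalize("NFKC", ch))
        target = folded & HTML_SIGNIFICANT
        if target:
            hits.append((i, f"U+{ord(ch):04X}", sorted(target)[0]))
    return hits


def escape_then_convert(text):
    """Wrong order: the escaper sees no '<', then the converter creates one."""
    return to_legacy(html.escape(text))


def convert_then_escape(text):
    """Safe order: escape the exact string that reaches the HTML output."""
    return html.escape(to_legacy(text))


# Constructed input: U+FF1C and U+3008 are in the table; U+FF1E is caught by NFKC only.
SAMPLE = "a \uFF1Cb\uFF1E c \u3008d"

if __name__ == "__main__":
    print("flagged:            ", risky_chars(SAMPLE))
    print("escape then convert:", escape_then_convert(SAMPLE))
    print("convert then escape:", convert_then_escape(SAMPLE))
```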



It is also a good tool to check whether Unicode is supported well: just convert all user-visible messages and then check the interface of the program for <?> or [].



