[wp-trac] [WordPress Trac] #12284: I/O Sanity Failures With Invalid HTML Entity References
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 25 22:45:24 UTC 2010
#12284: I/O Sanity Failures With Invalid HTML Entity References
-----------------------------+----------------------------------------------
Reporter: miqrogroove | Owner: ryan
Type: defect (bug) | Status: new
Priority: highest omg bbq | Milestone: 3.0
Component: Security | Version:
Severity: blocker | Keywords: has-patch
-----------------------------+----------------------------------------------
Comment(by hakre):
Some notes of today:
{{{
HTML 2.0: RFC1866; 13. The HTML Coded Character Set
<http://www.ietf.org/rfc/rfc1866.txt>
HTML 4.0: HTML 4.01 Specification; 24; Character entity references in HTML 4
<http://www.w3.org/TR/REC-html40/sgml/entities.html>
Unused by HTML 2.0:
0-8, 11-12, 14-31, 127-159
Unused by HTML 4.0:
65534-65535 [0xFFFE-0xFFFF]
Some Numbers and their length:
65534 (5) [highest valid double-byte codepoint]
1114111 (7) [17 Unicode Planes (in use today)]
2147483648 (10) [ISO 10646 UCS-4 31-bit encoding]
4294967296 (10) [64bit Unsigned]
}}}
Some more research is summed up in
[http://hakre.wordpress.com/2010/02/25/html-entity-boundaries-zero-padding/ this report about zero-padding numeric entities].
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12284#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
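
An added example, not WordPress code and not the ticket's patch: a PHP check that applies the unused ranges and digit lengths from the notes above to numeric character references, stripping zero padding before the length test. The function names are hypothetical, and escaping rejected references as `&amp;#...;` is an assumption about the desired handling.

```php
<?php
// Added example; function names are hypothetical, not WordPress API.

/**
 * Classify the body of a numeric character reference (the text between
 * "&#" and ";"). Returns the code point, or null if it must be rejected.
 */
function example_numeric_entity_codepoint(string $body): ?int
{
    if (preg_match('/^[xX]([0-9A-Fa-f]+)$/', $body, $m)) {
        // Strip zero padding first so the length check sees only significant digits.
        $digits = ltrim($m[1], '0');
        if (strlen($digits) > 6) {          // 0x10FFFF has 6 hex digits
            return null;
        }
        $cp = $digits === '' ? 0 : (int) hexdec($digits);
    } elseif (preg_match('/^[0-9]+$/', $body)) {
        $digits = ltrim($body, '0');
        if (strlen($digits) > 7) {          // 1114111 has 7 decimal digits
            return null;
        }
        $cp = (int) $digits;                // '' (all zeros) becomes 0
    } else {
        return null;
    }
    // Ranges listed as unused in the notes (HTML 2.0 and HTML 4.0).
    $unused = [[0, 8], [11, 12], [14, 31], [127, 159], [65534, 65535]];
    foreach ($unused as [$lo, $hi]) {
        if ($cp >= $lo && $cp <= $hi) {
            return null;
        }
    }
    return $cp <= 1114111 ? $cp : null;     // top of the 17 Unicode planes
}

/**
 * Rewrite valid references as unpadded decimal; escape the ampersand of
 * rejected ones so they are output as literal text.
 */
function example_normalize_numeric_entities(string $text): string
{
    return preg_replace_callback('/&#([0-9A-Za-z]+);/', function (array $m): string {
        $cp = example_numeric_entity_codepoint($m[1]);
        return $cp === null ? '&amp;#' . $m[1] . ';' : '&#' . $cp . ';';
    }, $text);
}

// Constructed sample input: padded, hex, unused-range and out-of-range references.
$sample = 'A&#0000065; B&#x41; C&#0; D&#128; E&#65535; F&#1114112; G&#00000000000000000000009;';
echo example_normalize_numeric_entities($sample), "\n";
```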