daira at jacaranda.org
Mon Jul 13 23:28:42 UTC 2015
On 25/06/15 06:00, travis+ml-langsec at subspacefield.org wrote:
convert \u escapes before lexing; it only interprets them in identifiers and strings.
(This was the same in previous versions, and also in vendor implementations of
(If you want to allow only a safe subset, see the FILTER_CDATA rule of
<http://jacaranda.org/jacaranda-spec-0.46.txt>. Note: Jacaranda is a dead project;
I am no longer confident that the general approach it used is sound, and my current
focus is on new languages built from scratch for security.)
Daira Hopwood ⚥
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the langsec-discuss