Following my proposal, this sentence was added to the spec:
For security reasons, a conforming parser must strip or replace the Unicode character U+0000.
Thinking more about it, stripping characters is a security risk in itself. I'd propose to change the spec to read:
For security reasons, the Unicode character NULL (U+0000) must be replaced with the replacement character (U+FFFD).
It might also make sense to put this sentence in a separate section, for example 2.3 Insecure characters.
This matches the behavior of the C library. We could also allow a parser to error out whenever it encounters a NULL character.
This also clarifies the spec. See http://talk.commonmark.org/t/how-exactly-should-parsers-handle-u-0000/993/2
02ca812
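One well-known way that stripping U+0000 becomes a security risk, shown as an added example (not code from the spec, the C library, or this issue): a check that runs before the parser does not see a token split by U+0000, stripping then rejoins it, while replacing with U+FFFD keeps it split. The upstream filter, the blocked token and the sample input are constructed assumptions.

```python
# Added illustration; the filter, token list and sample are hypothetical.
REPLACEMENT = "\ufffd"          # U+FFFD REPLACEMENT CHARACTER
BLOCKED = ("javascript:",)      # assumed blocklist of an upstream filter

# Constructed sample: a link destination with U+0000 inside the scheme.
SAMPLE = "[x](java\x00script:void(0))"


def strip_nul(text: str) -> str:
    """Old wording's first option: delete U+0000."""
    return text.replace("\x00", "")


def replace_nul(text: str) -> str:
    """Proposed wording: substitute U+FFFD for U+0000."""
    return text.replace("\x00", REPLACEMENT)


def reject_nul(text: str) -> str:
    """Alternative mentioned in the issue: error out on U+0000."""
    if "\x00" in text:
        raise ValueError("input contains U+0000")
    return text


def filter_allows(text: str) -> bool:
    """Hypothetical pre-parse check: no blocked token may appear."""
    lowered = text.lower()
    return not any(token in lowered for token in BLOCKED)


def blocked_token_reaches_output(text: str, normalize) -> bool:
    """True if input passes the filter but the normalized text would not."""
    if not filter_allows(text):
        return False            # rejected up front, nothing reaches the parser
    return not filter_allows(normalize(text))


if __name__ == "__main__":
    for name, fn in (("strip", strip_nul), ("replace", replace_nul)):
        print(name, "-> blocked token reaches output:",
              blocked_token_reaches_output(SAMPLE, fn))
```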