Clarify that encoding tokens are scalar values #195
Labels
clarification
Standard could be clearer
good first issue
Ideal for someone new to a WHATWG standard or software project
security/privacy
There are security or privacy implications
Comments
annevk
added
clarification
|
I support both those suggestions, though would suggest that rather than explicitly mentioning (Anyone that's able to sign https://participate.whatwg.org/agreement should feel free to pick this up and work on a PR.) |
annevk
added
the
good first issue
|
I'm working on a pull request for this issue. |
annevk
pushed a commit
that referenced
this issue
Jan 20, 2020
This replaces some occurrences of "code point" with "scalar value", since it might not be clear to passing readers that output streams from decoding and input streams to encoding cannot contain tokens which are surrogates. Fixes #195.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems like the fact that Unicode tokens are scalar values, rather than code points, is far from clear in the spec. Other than the usage of
USVStringand related algorithms in the API section, the only mention of scalar values in the normative text is in the definition of encoding. In fact, the definition of token refers explicitly to code points, rather than scalar values.This could actually result in a security issue if a specification weren't careful when using the encoding hooks – encoding handlers based on indices would raise an error on surrogate code points, but the UTF-8 handler would go along with it, returning a byte sequence which would fail on decoding.
I propose adding some text to the note in the hooks section informing specs that they should only invoke the encoding algorithms with streams built from a
USVString, as well as adding an assertion in the process algorithm that, ifencoderDecoderInstanceis an encoder instance,inputmust not be a surrogate.The text was updated successfully, but these errors were encountered: