...
| Wiki Markup |
|---|
According to the Unicode Standard \[[Unicode 2008|AA. Java References#Unicode 08]\], annex #15, Unicode Normalization Forms: |
When implementations keep strings in a normalized form, they can be assured that equivalent strings have a unique binary representation.
Normalization Forms KC and KD must not be blindly applied to arbitrary text. Because they erase many formatting distinctions, they will prevent round-trip conversion to and from many legacy character sets, and unless supplanted by formatting markup, they may remove distinctions that are important to the semantics of the text. It is best to think of these Normalization Forms as being like uppercase or lowercase mappings: useful in certain contexts for identifying core meanings, but also performing modifications to the text that may not always be appropriate. They can be applied more freely to domains with restricted character sets ...
...
Validating input before normalization can allow attackers to bypass filters and other security mechanisms. This can result in the execution of arbitrary code.
Rule Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
IDS02-J | high | probable | medium | P12 | L1 |
...