Encoders should forbid Zs (space separator) characters except U+0020 SPACE

2015-02-13 14:12:40 -08:00 · 2015-02-13 14:12:40 -08:00 · fc52487294
parent 0dd3a49463
commit fc52487294
2 changed files with 1 additions and 1 deletions
--- a/src/Microsoft.AspNet.WebUtilities/Encoders/UnicodeEncoderBase.cs
+++ b/src/Microsoft.AspNet.WebUtilities/Encoders/UnicodeEncoderBase.cs
@ -53,7 +53,7 @@ namespace Microsoft.AspNet.WebUtilities.Encoders
            ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks

            // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
-            // (includes categories Cc, Cs, Co, Cn, Zl, Zp)
+            // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
            uint[] definedCharactersBitmap = UnicodeHelpers.GetDefinedCharacterBitmap();
            Debug.Assert(definedCharactersBitmap.Length == _allowedCharsBitmap.Length);
            for (int i = 0; i < _allowedCharsBitmap.Length; i++)
--- a/src/Microsoft.AspNet.WebUtilities/compiler/resources/unicode-7.0.0-defined-characters.bin
+++ b/src/Microsoft.AspNet.WebUtilities/compiler/resources/unicode-7.0.0-defined-characters.bin