Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

On Wed, 10 Dec 2003 21:51:01 +1300, VeNoMouS <venom@gen-x.co.nz> said:
> and as for the why the %01 works, i can only assume as %01 is a non
> printable character IE stops it there, its the same as if u would use %02
> and so on, or are you that moronic you dont understand character sets?

Yes, we're so moronic that we fail to understand the brilliance of IE not bothering
to print *printable* characters if they happen to follow a non-printing character.

Most reasonable software will put in an outline-box or "\NNN", or other similar
indication a glyph is not displayable in the charset in use, and then *continue
trying* to render the rest of the string.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html