From: "Mark Davis" <[EMAIL PROTECTED]> > I agree with Kent that it is somewhat less robust to simply remove > ill-formed sequences, since it removes any indication that the data was > corrupted.
Nice that the API gives one the option to choose, huh? ;-) The notion of continuing (even if one is limping along, removing invalid sequences) is to help some of the backcompat story, where there were no errors previously -- without adding security errors due to non-shortest form strings. > But the final decision should be made by the user of the API, since the > desired behavior may vary depending on the environment. Also agreed. MichKa
