Ah, sorry. I meant to say that the string should always be normalized (not "sanitized") before being checked for exploits (i.e. sanitized).
-----Original Message----- From: Sławomir Osipiuk [mailto:sosip...@gmail.com] Sent: Sunday, June 23, 2019 20:28 To: unicode@unicode.org Cc: 'Richard Wordingham' Subject: RE: Unicode "no-op" Character? The string should always be sanitized before being checked for exploits