On Wed, Jul 3, 2019 at 8:47 AM Sławomir Osipiuk via Unicode < [email protected]> wrote:
> Security gateways filter it out completely, as a matter of best practice > and security-in-depth. > > > > A process, let’s call it Process W, adds a bunch of U+000F to a string it > received, or built, or a user entered via keyboard. ... > It stores in it a database UTF-8 encoded field... > And the database driver filters out the U+000F completely as a matter of best practice and security-in-depth. You can't say "this character should be ignored everywhere" and "this character should be preserved everywhere" at the same time. That's the contradiction.
