Achim,

On Thu, Apr 1, 2010 at 11:12 AM, Achim Hoffmann <a...@securenet.de> wrote:
> Hi,
>
> first of all: please describe undoubtedly in the "Encode/Decode" window that
> all characters keyed in or pasted are UTF-8.
> This is very important if someone tries to copy&paste data from/to browsers
> which use UCS-2.
>
> Said this, here're some oddities you'll stumble over:
>
> 1. in the Encode area type
>        €uro
>   (where the first character is the Euro currency sign)
>   then use URL Encode and it correctly encodes to
>        %E2%82%ACuro
>
>   Now try to URL Decode, and you get
>        \xe2\x82\xacuro
>
>   Is this a bug or a feature?
>   It's neither! But you need to know what w3af's en-/decoding does. Without
>   that knowledge I'd classify it as bug. That's what most users would believe
>   also, I assume.
>
>   ==> See my initial paragraph: just tell the user what the used charset is,
>       then all such questions are illegal ;-)
>   ==> Otherwise implement "URL Decode (UTF-8)" which should return €uro again.
>
>
> 2. same problem as 1. applies to Base64 Encode and then Base64 Decode
>
>
> 3. in the Decode area type
>        &euro;uro
>   then HTML unescape and you get
>        \xe2\x82\xacuro
>
>   Similar problem as 1. above. But I'd consider this a bug in w3af.
>
>   Same applies to
>        &#8364;uro
>
>
> 4. in the Encode area type
>        €uro
>   then HTML Escape it and you get
>        €uro
>
>   This is a bug too.
>
>
> 5. UTF-8 Encoding returns the same as URL Encoding
>   Do I miss something here?
>   Otherwise I'd rename UTF-8 Encoding to UTF-8 Encoding (URL).
>
>
> 6. Microsoft %U Encoding for
>        €uro
>   returns
>        %UE282AC%U0075%U0072%U006F
>
>   I'm not sure if %UE282AC is really accepted by Micro$oft.
>   Can someone please check.
>
>
> 7. MySQL Encoding and MSSQL Encoding
>   use Euro again as string, I doubt that the result is correct.
>
>
> Sorry for being that pedantic;-)

    hehehe, patches make you less pedantic ;)

> Achim
>
>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
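
The round trips listed in the report above, as an added Python 3 example that is not part of the original thread and is not w3af's code. All function names are hypothetical, and UTF-8 is assumed as the charset, as the report asks the window to state.

```python
import base64
import html
from urllib.parse import quote, unquote_to_bytes

CHARSET = "utf-8"  # assumption: the charset the Encode/Decode window works in


def url_encode(text: str) -> str:
    # Item 1: characters -> UTF-8 bytes -> percent-escapes.
    return quote(text.encode(CHARSET), safe="")


def url_decode_raw(encoded: str) -> bytes:
    # Stops at the byte level; displaying this value shows \xe2\x82\xac escapes.
    return unquote_to_bytes(encoded)


def url_decode(encoded: str) -> str:
    # "URL Decode (UTF-8)": undo the percent-escapes, then decode the charset.
    return unquote_to_bytes(encoded).decode(CHARSET)


def b64_roundtrip(text: str) -> str:
    # Item 2: the same charset has to be applied on both sides of Base64.
    blob = base64.b64encode(text.encode(CHARSET))
    return base64.b64decode(blob).decode(CHARSET)


def html_unescape(text: str) -> str:
    # Item 3: named and numeric references both resolve to one character.
    return html.unescape(text)


def html_escape_numeric(text: str) -> str:
    # Item 4: escape markup characters, then emit non-ASCII as numeric references.
    return html.escape(text).encode("ascii", "xmlcharrefreplace").decode("ascii")


def percent_u_encode(text: str) -> str:
    # Item 6: the %uXXXX form written by JavaScript's escape() carries
    # 16-bit UTF-16 code units, not UTF-8 bytes.
    units = text.encode("utf-16-be")
    return "".join("%u{:04X}".format(int.from_bytes(units[i:i + 2], "big"))
                   for i in range(0, len(units), 2))


if __name__ == "__main__":
    sample = "\u20acuro"  # constructed sample: the Euro sign followed by "uro"
    for fn in (url_encode, b64_roundtrip, html_escape_numeric, percent_u_encode):
        print(fn.__name__, "->", fn(sample))
    print("url_decode_raw ->", url_decode_raw(url_encode(sample)))
    print("url_decode ->", url_decode(url_encode(sample)))
```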