[Python-Dev] Security implications of pep 383

Victor Stinner victor.stinner at haypocalc.com
Tue Mar 29 22:55:47 CEST 2011


On Tuesday, 29 March 2011 at 22:40 +0200, Lennart Regebro wrote:
> The lesson here seems to be "if you have to use blacklists, and you
> use unicode strings for those blacklists, also make sure the string
> you compare with doesn't have surrogates".

No. '\u4f60\u597d'.encode('big5').decode('latin1') gives '§A¦n' which
doesn't contain any surrogate character.

The lesson is: if you compare Unicode filenames on UNIX, make sure that
your system is correctly configured (the locale encoding must be the
filesystem encoding).

Victor
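
Added example, not part of the original message: it runs the same blacklist check over one Big5-encoded filename while simulating three locale encodings, showing that the mismatched latin1 case fails without producing any surrogate. The names `BLOCKED`, `RAW_NAME`, `check` and `check_bytes` are hypothetical, and the locale encoding is simulated by passing a codec name rather than reading the real locale.

```python
# Constructed sample: a blocked name and the bytes a Big5 filesystem stores for it.
BLOCKED = {"\u4f60\u597d"}
RAW_NAME = "\u4f60\u597d".encode("big5")  # b'\xa7A\xa6n'


def has_surrogates(s):
    """True if s contains lone surrogates produced by PEP 383 (U+DC80..U+DCFF)."""
    return any(0xDC80 <= ord(c) <= 0xDCFF for c in s)


def check(raw, locale_encoding):
    """Decode raw filename bytes the way PEP 383 does and apply the blacklist."""
    name = raw.decode(locale_encoding, "surrogateescape")
    return {
        "decoded": name,
        "surrogates": has_surrogates(name),
        "blocked": name in BLOCKED,
        # The decoded name still maps back to the same file on disk.
        "round_trips": name.encode(locale_encoding, "surrogateescape") == raw,
    }


def check_bytes(raw, fs_encoding):
    """Alternative: compare in bytes, using the known filesystem encoding."""
    return raw in {n.encode(fs_encoding) for n in BLOCKED}


if __name__ == "__main__":
    # big5   : locale matches the filesystem, the blacklist hits.
    # latin1 : mismatch, no surrogates, the blacklist misses.
    # ascii  : mismatch, surrogates present, the blacklist misses.
    for enc in ("big5", "latin1", "ascii"):
        print(enc, check(RAW_NAME, enc))
    print("bytes compare:", check_bytes(RAW_NAME, "big5"))
```
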


