July 2010 Blog Posts

Going to the MVP summit next year? Why not sign up with GeekGive?

The unemployment rate in Washington State as of May 2010 was 9.1%, and while this is slightly lower than the national average, there are still a great number of people going hungry. You can help! On Saturday, February 26th, the Saturday before the MVP Summit, GeekGive is organizing volunteers to work with Northwest Harvest in the Seattle Area. Join MVPs from around the world in this unique opportunity to give back to the community, network with your peers, and enjoy the Seattle area a bit more. You can sign up online – I have. Technorati Tags: MVP Summit,GeekGive,Northwest...

posted @ Monday, July 26, 2010 6:33 AM | Feedback (1)

Upcoming AntiXSS surrogate support

Historically AntiXSS has had problems with surrogates (go on, make the baby jokes, I’ll wait). Unicode surrogates are a way of combining two characters to enable the character range in UTF-16 to go beyond 0xFFFF. Characters (or more accurately code points) between 0x0000 and 0xFFFF make up the Basic Multilingual Plane; however, the code points and tables within the BMP are pretty much all used up – so how do you get beyond this? Any code point beyond 0xFFFF is broken down into two characters, a high surrogate (which lies between D800 and DBFF) and a low surrogate (between DC00...

posted @ Friday, July 23, 2010 11:04 AM | Feedback (3)

Upcoming changes to AntiXSS

So this sprint I’ve been playing around with AntiXSS. This makes me very nervous: changing something that quite a few folks internally and externally depend on is a heavy burden! One of the most popular requests was “Can you support language X?” and now the answer is probably yes. I say probably because we’re covering the UTF-16 code tables – if you wanted support for Byzantine Musical Notation (really, it exists) then you’re out of luck. Now there’s a little problem in all of this – Unicode doesn’t have a concept of language, it has code tables. If you’re...

posted @ Monday, July 19, 2010 11:35 AM | Feedback (0)

Another new inspector for the SRE, ResponseInspector

When I started off discussing where I would take the Security Runtime Engine with the Developer Security MVPs, Raffaele Rialdi asked if there would be a way to inspect raw requests and responses. Whilst I can’t do requests, as I don’t see them until ASP.NET has parsed them, I can do responses via ASP.NET’s filter mechanisms. So, despite him tagging someone else as me on Facebook, I started to look at how best to do this and came up with IResponseInspector. The response inspector works slightly differently to the other inspectors – by the time it’s called there is no...

posted @ Wednesday, July 14, 2010 6:35 PM | Feedback (0)