Hacking with Unicode
Details
Tweetdeck was XSSed using Unicode in June 2014. If you want to understand how these kinds of attacks work, you should really come see this talk.
If you think you know how Unicode is handled in JavaScript, server-side code and databases, you should come see this talk.
If you don't care about Unicode, you really need to see this talk.
This presentation explores common mistakes made by programmers when dealing with Unicode support and character encodings on the Web. For each mistake, I will explain how to fix/prevent it, but also how it could possibly be exploited.
Speaker: Mathias Bynens is a Belgian web standards freak. He likes HTML, CSS, JavaScript, Unicode, performance, and security. At Opera Software he’s a member of the Developer Relations team.
