From d7a3e8ec24958958db28dba44542a2c126d94e88 Mon Sep 17 00:00:00 2001
From: "cevans@chromium.org"
Date: Fri, 1 Jan 2010 22:16:38 +0000
Subject: If we can't read a unicode character, write the standard "unknown" (0xFFFD) character. This will prevent security issues where the current behaviour can be used to strip characters out of a string after it has passed some validation.
BUG=30798
TEST=utf_string_conversions_unittest.cc,utf_offset_string_conversions_unittest.cc,zip_unittest.cc
Review URL: http://codereview.chromium.org/522029
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35430 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/utf_string_conversions.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 (limited to 'base/utf_string_conversions.cc')
diff --git a/base/utf_string_conversions.cc b/base/utf_string_conversions.cc
index 7376933..d517e1b 100644
--- a/base/utf_string_conversions.cc
+++ b/base/utf_string_conversions.cc
@@ -32,8 +32,7 @@ bool ConvertUnicode(const SRC_CHAR* src,
 if (ReadUnicodeCharacter(src, src_len32, &i, &code_point)) {
 WriteUnicodeCharacter(code_point, output);
 } else {
- // TODO(jungshik): consider adding 'Replacement character' (U+FFFD)
- // in place of an invalid codepoint.
+ WriteUnicodeCharacter(0xFFFD, output);
 success = false;
 }
 }
-- 
cgit v1.1
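Review bot: The added `WriteUnicodeCharacter(0xFFFD, output);` in the else branch has no comment, and the TODO it replaces was the only text explaining that branch, so the security reason for not dropping invalid input is recorded only in the commit message. I would put `// Emit U+FFFD instead of dropping the bad sequence, so malformed input cannot be used to strip characters from a string after it has been validated.` above the call, and consider a named constant for the bare `0xFFFD`. The branch still sets `success = false`, so callers that ignore the return value now receive a string containing replacement characters rather than a shortened one. The function's contract comment, presumably in the header, should say that output is still produced on failure. ConvertUnicode starts and ends outside this hunk, so how the output buffer is sized for the extra character is not visible here.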