On 8/22/10, Peter Eisentraut <peter_e@gmx.net> wrote:
> On sön, 2010-08-22 at 14:29 -0400, Tom Lane wrote:
> > I just noticed that we are now advertising the ability to insert UTF16
> > surrogate pairs in strings and identifiers (see section 4.1.2.2 in
> > current docs, in particular). Is this really wise? I thought that
> > surrogate pairs were specifically prohibited in UTF8 strings, because
> > of the security hazards implicit in having more than one way to
> > represent the same code point.
>
>
> We combine the surrogate pair components to a single code point and
> encode that in UTF-8. We don't encode the components separately; that
> would be wrong.

AFAICS our UTF8 validator (pg_utf8_islegal) detects and rejects
such sequences, if they are inserted via any means, e.g. \x
Although it's not very obvious...
--
marko
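
The distinction drawn in this thread, as an added example that is not part of the original messages and is not PostgreSQL's code (it does not reproduce pg_utf8_islegal): a surrogate pair is combined into one code point and encoded as a single 4-byte sequence, while a strict validator rejects the halves encoded separately. All function names and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: U+1F600 combined, and its halves D83D/DE00 encoded separately. */
const unsigned char SAMPLE_COMBINED[4] = {0xF0, 0x9F, 0x98, 0x80};
const unsigned char SAMPLE_SPLIT[6] = {0xED, 0xA0, 0xBD, 0xED, 0xB8, 0x80};

/* Combine a UTF-16 surrogate pair into one code point; 0 if not a valid pair. */
uint32_t combine_surrogates(uint16_t hi, uint16_t lo)
{
    if (hi < 0xD800 || hi > 0xDBFF || lo < 0xDC00 || lo > 0xDFFF)
        return 0;
    return 0x10000u + ((uint32_t)(hi - 0xD800) << 10) + (uint32_t)(lo - 0xDC00);
}

/* Encode a code point in 0x10000..0x10FFFF as 4 UTF-8 bytes; returns 4, else 0. */
size_t utf8_encode_supplementary(uint32_t cp, unsigned char *out)
{
    if (cp < 0x10000 || cp > 0x10FFFF)
        return 0;                       /* includes lone surrogate values */
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* Strict check of a buffer: 1 if well-formed UTF-8, else 0. */
int utf8_is_strict(const unsigned char *s, size_t n)
{
    size_t i = 0, k, len;
    uint32_t cp, min;
    while (i < n) {
        unsigned char c = s[i];
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { len = 2; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; min = 0x10000; }
        else return 0;                  /* stray continuation or invalid lead byte */
        if (n - i < len) return 0;      /* truncated sequence */
        for (k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3Fu);
        }
        /* Reject overlong forms, values past U+10FFFF, and encoded surrogate halves. */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += len;
    }
    return 1;
}
```

The overlong check (`cp < min`) and the surrogate range check together enforce that each code point has exactly one accepted byte representation, which is the property the thread is concerned with.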