diff --git a/pep-0383.txt b/pep-0383.txt index 7ae2a37c9..0b4fe8349 100644 --- a/pep-0383.txt +++ b/pep-0383.txt @@ -104,6 +104,17 @@ will produce non-sensical data. Data obtained from other sources may conflict with data produced by this PEP. Dealing with such conflicts is out of scope of the PEP. +This PEP allows to "smuggle" bytes in character strings. This would +be a security risk if the bytes are security-critical when interpreted +as characters on a target system, such as path name separators. For +this reason, the PEP rejects smuggling bytes below 128. If the target +system uses EBCDIC, such smuggled bytes may still a security risk, +allowing to smuggle, e.g. square brackets or the backslash. Python +currently does not support EBCDIC, so this should not be a problem in +practice. Anybody porting Python to an EBCDIC system might want to +adjust the error handlers, or come up with other approaches to address +the security risks. + Encodings that are not compatible with ASCII are not supported by this specification; bytes in the ASCII range that fail to decode will cause an exception. It is widely agreed that such encodings
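Review bot: In the added paragraph, "the PEP rejects smuggling bytes below 128" states the rule without saying where it is enforced. The following context paragraph only covers the decoding direction ("bytes in the ASCII range that fail to decode will cause an exception"). The risk described here, a smuggled byte being interpreted as a path name separator on the target system, arises when the string is turned back into bytes, so the text should say explicitly that the restriction applies in that direction too, and point to the rule that enforces it. Two wording fixes in the same paragraph: "may still a security risk" is missing its verb ("may still be a security risk"), and "allows to smuggle" / "allowing to smuggle" read better as "allows smuggling" / "allowing one to smuggle". The EBCDIC sentence would also be clearer if it said why square brackets and the backslash are the examples chosen.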