diff --git a/pep-0383.txt b/pep-0383.txt index 0b4fe8349..ba8dd216c 100644 --- a/pep-0383.txt +++ b/pep-0383.txt @@ -104,16 +104,17 @@ will produce non-sensical data. Data obtained from other sources may conflict with data produced by this PEP. Dealing with such conflicts is out of scope of the PEP. -This PEP allows to "smuggle" bytes in character strings. This would -be a security risk if the bytes are security-critical when interpreted -as characters on a target system, such as path name separators. For -this reason, the PEP rejects smuggling bytes below 128. If the target -system uses EBCDIC, such smuggled bytes may still a security risk, -allowing to smuggle, e.g. square brackets or the backslash. Python -currently does not support EBCDIC, so this should not be a problem in -practice. Anybody porting Python to an EBCDIC system might want to -adjust the error handlers, or come up with other approaches to address -the security risks. +This PEP allows the possibility of "smuggling" bytes in character +strings. This would be a security risk if the bytes are +security-critical when interpreted as characters on a target system, +such as path name separators. For this reason, the PEP rejects +smuggling bytes below 128. If the target system uses EBCDIC, such +smuggled bytes may still be a security risk, allowing smuggling of +e.g. square brackets or the backslash. Python currently does not +support EBCDIC, so this should not be a problem in practice. Anybody +porting Python to an EBCDIC system might want to adjust the error +handlers, or come up with other approaches to address the security +risks. Encodings that are not compatible with ASCII are not supported by this specification; bytes in the ASCII range that fail to decode