Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
UTF-8入門
Search
yn2011
December 27, 2018
Programming
0
190
UTF-8入門
文字コード / Unicode / UTF-8のデコード例 / UTF-8の脆弱性
yn2011
December 27, 2018
Tweet
Share
More Decks by yn2011
See All by yn2011
シェル芸入門
yn2011
1
980
オブジェクト指向プログラミングについて調べてみた
yn2011
0
310
初心者系エンジニアにおすすめの技術書3冊
yn2011
0
210
Other Decks in Programming
See All in Programming
Go言語はstack overflowの夢を見るか?
logica0419
0
260
monorepo の Go テストをはやくした〜い!~最小の依存解決への道のり~ / faster-testing-of-monorepos
convto
2
490
Server Side Kotlin Meetup vol.16: 内部動作を理解して ハイパフォーマンスなサーバサイド Kotlin アプリケーションを書こう
ternbusty
3
180
AI Coding Meetup #3 - 導入セッション / ai-coding-meetup-3
izumin5210
0
3.3k
Android16 Migration Stories ~Building a Pattern for Android OS upgrades~
reoandroider
0
110
開発生産性を上げるための生成AI活用術
starfish719
3
680
高度なUI/UXこそHotwireで作ろう Kaigi on Rails 2025
naofumi
4
4k
Catch Up: Go Style Guide Update
andpad
0
220
明日から始めるリファクタリング
ryounasso
0
140
GraphQL×Railsアプリのデータベース負荷分散 - 月間3,000万人利用サービスを無停止で
koxya
1
1.3k
CSC509 Lecture 06
javiergs
PRO
0
260
Django Ninja による API 開発効率化とリプレースの実践
kashewnuts
0
1.3k
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
32
2.3k
Producing Creativity
orderedlist
PRO
347
40k
How to Ace a Technical Interview
jacobian
280
24k
Why Our Code Smells
bkeepers
PRO
339
57k
Bash Introduction
62gerente
615
210k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.6k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Agile that works and the tools we love
rasmusluckow
331
21k
A designer walks into a library…
pauljervisheath
209
24k
Transcript
UTF-8ೖ 2018/12/27 ΄ΖΑ͍ͯͬ͘ @yn2011
ࣗݾհ • SalesforceͱJavaScriptͷਓ • ࠷ۙͷझຯγΣϧܳ
͢͜ͱ • จࣈίʔυͷجૅ • Unicode / UTF-8 ͷ֓ཁ • UTF-8
ͷΤϯίʔυ/σίʔυ • UTF-8 ͷ੬ऑੑ
͢͜ͱ • จࣈίʔυͷجૅ • Unicode / UTF-8 ͷ֓ཁ • UTF-8
ͷΤϯίʔυ/σίʔυ • UTF-8 ͷ੬ऑੑ
จࣈίʔυʁ
จࣈίʔυ ͱ จࣈූ߸ԽํࣜΛ ۠ผ͢Δ
จࣈίʔυʢූ߸Խจࣈू߹ʣ • ֤จࣈʹରԠ͢ΔϏοτͷΈ߹ΘͤΛఆٛ • e.g. ASCII, JIS X 0208, Unicode
… UnicodeͷจࣈίʔυදͷྫʢҰ෦ʣ UnicodeҰཡ 3000-3FFF / WikipediaΑΓҾ༻
จࣈූ߸Խํࣜ • จࣈූ߸Խํࣜจࣈίʔυͷӡ༻نଇ • e.g. Unicode:UTF-8, UTF-16.. UTF-8ͷྫʢҰ෦ʣ ΦϨϯδ ORANGE-FACTORY
UTF-8ͷจࣈίʔυදΑΓҾ༻
WindowsͷϝϞா • ࠞཚ͢Δʢఆ൪ʣ
͢͜ͱ • จࣈίʔυͷجૅ • Unicode / UTF-8 ͷ֓ཁ • UTF-8
ͷΤϯίʔυ/σίʔυ • UTF-8 ͷ੬ऑੑ
UTF-8ʁ
UTF-8 • UTF-8UnicodeͱݺΕΔจࣈίʔυͷ จࣈූ߸Խํࣜͷ̍ͭ UTF-8 / Wikipedia ΑΓҾ༻
Unicode • ੈքதͷจࣈΛूͨ͠จࣈίʔυ • ଟݴޠରԠͷίετݮ • ओͳූ߸ԽํࣜʹUTF-8ͱUTF-16 Amazon Ϣχίʔυઓه ΑΓҾ༻
Unicode จࣈίʔυʮʯݚڀɹվగୈ2൛ P431ΑΓҾ༻
Unicode จࣈίʔυʮʯݚڀɹվగୈ2൛ P430ΑΓҾ༻
UTF-8 • Unicode Transformation Format-8 • 1όΠτ୯Ґೖग़ྗʢ8bitʣ • ASCII ޓ
• 1 ~ 6όΠτͷՄมίʔυ
UTF-8 UTF-8 / WikipediaΑΓҾ༻
UTF-8 Pros/Cons • Pros • ASCII த৺ͷσʔλͷ߹΄΅ಉ͡αΠζʢASCIIޓʣ • จࣈͷछྨ͕ଟ͍ʢUnicodeʣ •
Cons • ࣈฏԾ໊͕ 3 όΠτ • ෆཁͳBOMΛ༩ग़དྷͯ͠·͏
Excel • ExcelBOMͳ͠UTF-8ܗࣜͷCSVϑΝΠϧΛ Shift_JISͰղऍ͢Δ BOM͋ΓUTF-8 BOMͳ͠UTF-8ʢShift_JISͰղऍʣ
͢͜ͱ • จࣈίʔυͷجૅ • Unicode / UTF-8 ͷ֓ཁ • UTF-8
ͷΤϯίʔυ/σίʔυ • UTF-8 ͷ੬ऑੑ
UTF-8ͷσίʔυʹઓ
ʢྫʣ 0xCE94ʹରԠ͢ΔจࣈΛ ٻΊΔ
UTF-8ͷσίʔυنଇʢҰ෦ʣ • ઌ಄7Ϗοτ·Ͱنଇ͕͋Δʢলུʣ จࣈίʔυʮʯݚڀɹվగୈ2൛ P448ΑΓҾ༻
0xCE94 • 0xCE = 11001110 • 110xxxxx → xxxxx =
01110 • 0x94 = 10010100 • 10yyyyyy → yyyyyy = 010100 • xxxxxyyyyyy = 01110010100 • U+0394 = Δ
ͳΤϯίʔυ • 0xC0 = 11000000 • 110xxxxx → xxxxx =
00000 • 0xAF = 10101111 • 10yyyyyy → yyyyyy = 101111 • 0xxx xxyy yyyy = 0000 0010 1111 • U+2F = /
͢͜ͱ • จࣈίʔυͷجૅ • Unicode / UTF-8 ͷ֓ཁ • UTF-8
ͷΤϯίʔυ/σίʔυ • UTF-8 ͷ੬ऑੑ
σΟϨΫτϦɾτϥόʔαϧ • ҙਤ͠ͳ͍ϑΝΠϧΞΫηεͰ͖Δ੬ऑੑ • ../../../../../../../../../etc/passwd • / = 0x2FͷΈΛఆ͍ͯ͠Δͱ… •
→ 0xC0AF = / ͕ڐ༰͞Εͯةݥ
Salesforceͩͱ… • SalesforceʢApexʣͰҙͷ16ਐΛUTF-8 Ͱσίʔυ͢Δ // Apex System.debug(EncodingUtil.urlDecode('%e3%81%82', ‘utf-8')); // ͋
ٙΘ͍͠੬ऑੑͷใࠂ
·ͱΊ • UTF-8UnicodeͱݺΕΔจࣈίʔυͷ จࣈූ߸Խํࣜͷ̍ͭ • ASCIIޓͰ1~6όΠτͷՄมίʔυ • BOMͱͳΤϯίʔυʹҙ
࢝ จࣈίʔυͱաͦ͝͏
yn2011
logica0419
convto
ternbusty
izumin5210
reoandroider
starfish719
naofumi
andpad
ryounasso
koxya
javiergs
kashewnuts
yeseniaperezcruz
marcduiker
orderedlist
jacobian
bkeepers
62gerente
mongodb
jnunemaker
sugarenia
pedronauck
rasmusluckow
pauljervisheath
