This presentation explores common mistakes programmers make when dealing with Unicode support and character encodings on the Web. For each mistake, I explain how to fix or prevent it, and also how it could be exploited.

Event: HackPra — the hacking lecture at the Ruhr University in Bochum

Video: https://www.youtube.com/watch?v=qFfjJ8pOrWY&hd=1 (use these slides though, not the ones in the video)

Links: http://lanyrd.com/2014/hackpra/sczxgz/

2016 update: https://speakerdeck.com/mathiasbynens/hacking-with-unicode-in-2016