I've been using a pretty draconian whitelist for sanitizing user input.

However, this really only covers American English (maybe British too, but I'm not sure). It certainly won't work for Spanish, French, or German, much less Arabic, Hebrew, or anything further off the beaten path like the East Asian character sets. Has anyone done work on input validation for any languages other than English? I found virtually nothing on the topic beyond the arguments over blacklist vs. whitelist. There's little on implementation, and nothing I've found on implementation for an internationalized situation.

I can include most of the Western European languages, and "almost" have the characters for the Chinese Pinyin romanization just by including part of the Latin-1 Supplemental code points...

It would be easier to use the single range, À-ÿ but that would include both × and ÷. Do those characters raise any potential security concerns? Can you get away with them? I would think (and feel free to correct me) that most letters should be safe but punctuation and mathematical operators are more open to abuse.

__________________
-------------------------

Whatever you can do or dream you can, begin it. Boldness has genius, power and magic in it. Begin it now.
-Johann von Goethe

When Two Hearts Race... Both Win.
-Dove Chocolate Wrapper

Chroniclemaster1, Founder of www.EarthChronicle.com
A Growing History of our Planet, by our Planet, for our Planet.