This presentation explores common mistakes programmers make when dealing with Unicode support and character encodings on the Web. For each mistake, I explain how to fix or prevent it, and also how it could possibly be exploited.
Event: HackPra — the hacking lecture at the Ruhr University in Bochum
Video: https://www.youtube.com/watch?v=qFfjJ8pOrWY&hd=1 (use these slides though, not the ones in the video)
2016 update: https://speakerdeck.com/mathiasbynens/hacking-with-unicode-in-2016