On 16/01/2018 13:30, John Levine wrote: > I think the normal approach is to accept strings only in a single > script. Mixed scripts are generally malicious in any sort of > identifier context. What, however, is a script?