I remember seeing a piece of software on this forum that automatically detects what a string is encoded with (base64, protobuf, etc.) and it will automatically layer decodings to get you back the original string.<p>Does anyone remember the name of this software?
It sounds scary to me.<p>You can't count on this kind of thing really being "correct" because for all you know the string that somebody wants to represent really is a valid Base64 encoded string.<p>Any kind of complex deserialization behavior makes it possible that an attacker can make a string that might deserialize differently with different implementations or under different circumstances and that can be the basis for security problems that are often worse than you think they'd be at a first glance.