It doesn't mention my favorite Unicode attack, which is using UTF-7 to evade content filters or fool heuristic encoding-sniffers:<p><a href="http://security-sh3ll.blogspot.com/2009/05/exploiting-ie8-utf-7-xss-vulnerability.html" rel="nofollow">http://security-sh3ll.blogspot.com/2009/05/exploiting-ie8-ut...</a>
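
A defensive check for the case the comment above describes, as an added example that is not part of the original comment: it flags a response whose HTML metacharacters exist only inside UTF-7 shifted runs, which a byte-level filter passes and an encoding-sniffer may later decode. The function names and the sample bytes are constructed for illustration.

```python
import re

# Characters that matter to an HTML filter once UTF-7 has been decoded.
HTML_META = set("<>\"'&")
# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
SHIFTED_RUN = re.compile(rb"\+([A-Za-z0-9+/]+)-?")
# Constructed sample: "<b>hi</b>" with every angle bracket UTF-7 encoded.
SAMPLE = b"+ADw-b+AD4-hi+ADw-/b+AD4-"


def declared_charset(content_type):
    """Return the charset named in a Content-Type header value, or None."""
    m = re.search(r'charset\s*=\s*"?([\w.:-]+)', content_type or "", re.I)
    return m.group(1).lower() if m else None


def hidden_utf7_meta(body):
    """Return HTML metacharacters that appear only inside UTF-7 shifted runs."""
    found = set()
    for m in SHIFTED_RUN.finditer(body):
        try:
            decoded = m.group(0).decode("utf-7")
        except UnicodeDecodeError:
            continue  # not a valid shifted run, e.g. "1+1" in ordinary text
        found |= HTML_META & set(decoded)
    return found


def assess(content_type, body):
    """Classify a response as 'ok', 'no-charset' or 'utf7-risk'."""
    charset = declared_charset(content_type)
    if charset in ("utf-7", "utf7"):
        return "utf7-risk"  # the page is explicitly served as UTF-7
    if charset is None:
        # No declared charset leaves the decision to the client's sniffer.
        return "utf7-risk" if hidden_utf7_meta(body) else "no-charset"
    return "ok"  # an explicit non-UTF-7 charset leaves nothing to sniff


if __name__ == "__main__":
    print(assess("text/html", SAMPLE))                 # utf7-risk
    print(assess("text/html; charset=utf-8", SAMPLE))  # ok
```

Declaring the charset explicitly on every response is what moves the sample from `utf7-risk` to `ok`; the body scan only identifies responses where that declaration is missing and matters.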
<i>Font technologies such as TrueType/OpenType are extremely powerful. A glyph in such a font actually may use small programs to deform the shape radically according to resolution, platform, or language. This is used to choose an optimal shape for the character under different conditions. However, it can also be used in a security attack, since it is powerful enough to change the appearance of, say, "$100.00" on the screen to "$200.00" when printed.</i><p>Important to keep in mind, what with all the new web font capabilities.