UTF-8 Whitespace Charactersでクロスサイトスクリプティングが動いちゃうらしい。

Opera released version 9.52 of their flagship browser about a month ago to address an issue in the way certain Unicode characters were being interpreted as white space. This behavior enabled cross-site scripting (XSS) attacks which might not otherwise be possible. Perhaps exploiting this issue would also be useful to evade HTML filters, AV's, WAFs, or other detection systems which try to prevent XSS attacks.

Opera Browser Vulnerable To UTF-8 Whitespace Characters