FreeBSD CDDDE37A-39B5-11DC-B3DA-001921AB2FA4
Jun 26, 2007 - 12:00 a.m.

dokuwiki -- XSS vulnerability in spellchecker backend

2007-06-26 00:00:00
vuxml.freebsd.org

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.129 Low
Percentile: 95.4%

DokuWiki reports:

The spellchecker tests the UTF-8 capabilities of the used browser
by sending a UTF-8 string to the backend, which will send it back
unfiltered. By comparing string length the spellchecker can work
around broken implementations. An attacker could construct a form to
let users send JavaScript to the spellchecker backend, resulting in
malicious JavaScript being executed in their browser.
Affected are all versions up to and including 2007-06-26 even when
the spell checker is disabled.

OS       Version  Architecture  Package         Version        Filename
FreeBSD  any      noarch        dokuwiki        < 20070626_1   UNKNOWN
FreeBSD  any      noarch        dokuwiki-devel  < 20070524_1   UNKNOWN
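
The echo-back pattern in the DokuWiki report above, next to two hardened variants, as an added sketch: it is not DokuWiki's code or its actual fix, and it is written in Python rather than DokuWiki's PHP. The handler names, the `text/html` content type, the 64-byte limit and the sample inputs are assumptions made for illustration.

```python
import html

# Constructed sample inputs; neither comes from the advisory.
PROBE = "\u00e4\u00f6\u00fc\u20ac".encode("utf-8")  # legitimate capability probe
MARKUP = b"<script>/* attacker-chosen */</script>"  # arrives via a cross-site form


def echo_unfiltered(body: bytes):
    """Pattern the advisory describes: the submitted bytes come back as-is.
    The text/html content type is an assumption for this sketch."""
    return 200, {"Content-Type": "text/html; charset=utf-8"}, body


def echo_length_only(body: bytes, max_bytes: int = 64):
    """Hardened variant: reply with the code-point count only, as plain text,
    so no request bytes ever reach the response body."""
    headers = {"Content-Type": "text/plain; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    if len(body) > max_bytes:
        return 400, headers, b"probe too long"
    try:
        text = body.decode("utf-8")  # strict: malformed UTF-8 is rejected
    except UnicodeDecodeError:
        return 400, headers, b"invalid UTF-8"
    return 200, headers, str(len(text)).encode("ascii")


def echo_escaped(body: bytes):
    """Alternative when the string itself must be returned: HTML-escape it."""
    text = body.decode("utf-8", errors="replace")
    escaped = html.escape(text, quote=True).encode("utf-8")
    return 200, {"Content-Type": "text/html; charset=utf-8"}, escaped


def reflects_markup(handler, payload: bytes = MARKUP) -> bool:
    """Regression check: does the handler return the markup verbatim?"""
    _status, _headers, out = handler(payload)
    return payload in out


if __name__ == "__main__":
    for h in (echo_unfiltered, echo_length_only, echo_escaped):
        print(f"{h.__name__:18} reflects markup: {reflects_markup(h)}")
    print("probe length reply:", echo_length_only(PROBE)[2])
```

The length-only variant still lets a client detect a broken UTF-8 implementation by comparing the returned count with the length it expects, which is the comparison the report describes.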
