W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2006

Re: Default Charsets

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 13 Jun 2006 23:16:51 +0200
To: "Robert Sayre" <sayrer@gmail.com>
Cc: ietf-http-wg@w3.org
Message-ID: <ej9u82lo2ijnn9klqmu2s6onr4s6f4jbd8@hive.bjoern.hoehrmann.de>

* Robert Sayre wrote:
>FWIW, Mozilla defaults text/xml to utf-8 (doesn't everyone?), but does
>actually use ISO-8859-1/CP-1252 as a default if all else fails,
>including sniffing.

There are two ways to process text/xml content, either as described for
text/xml in RFC 3023 or as described for application/xml in RFC 3023 and
the XML Recommendations. Last time I checked Mozilla did neither. Great
thing for anyone seeking to exploit code injection vulnerabilities.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 13 June 2006 21:17:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:44 GMT