W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: security impact of dropping charset default [Re: text/* types and charset defaults [i20]]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 23 Jan 2008 10:23:21 +0100
Message-ID: <47970789.80004@gmx.de>
To: Yutaka Oiwa <y.oiwa@aist.go.jp>
CC: Mark Nottingham <mnot@mnot.net>, 'HTTP Working Group' <ietf-http-wg@w3.org>

Yutaka Oiwa wrote:
> 
>> To be clear, we're talking about removing 
>> <http://tools.ietf.org/id/draft-ietf-httpbis-p3-payload-01.txt>, 
>> section 2.3.1, the entire forth paragraph (i.e., the last one in that 
>> section). This includes removing both the defaulting and the 
>> MUST-level requirement for labeling text/* in a charset other than 
>> ISO-8859-1.
> 
> In general, I agree for dropping "ISO-8859-1" default for text/* content 
> types,
> however, for "text/html" I have a specific concern with that.
> ...

My understanding was that we want to get out of the business of 
specifying anything here, and leave it both to MIME in general and the 
specific media type registrations.

Thus, if character set sniffing is desirable for text/html, it should be 
specified in the HTML spec.

BR, Julian
Received on Wednesday, 23 January 2008 09:23:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT