W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: security impact of dropping charset default

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 23 Jan 2008 18:12:32 +0100
To: "Frank Ellermann" <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>, ietf-http-wg@w3.org
Message-ID: <op.t5d7e6rt64w2qv@annevk-t60.oslo.opera.com>

On Wed, 23 Jan 2008 18:02:43 +0100, Frank Ellermann  
<nobody@xyzzy.claranet.de> wrote:
>> If support for UTF-7 can't be removed than deprecating it will
>> hardly matter.
>
> You're not forced to support all registered charsets today, do you
> support say pc-multilingual-850+euro (a.k.a. cp00858) or any older
> incarnations of "cp850" ?  Likely you don't, and IMO "deprecating"
> UTF-7 +/- Unicode-1-1 just offers you a reference to justify your
> decision to drop it from your list of supported charsets.
>
> Likely you also don't support UTF-1, BOCU-1, SCSU, or UTF-EBCDIC,
> what's special with UTF-7 ?

Character encodings are sort of beyond what I invest my time in, but I'd  
expect us to support encodings that are in use (apart from UTF-32 which we  
support for no good reason) and not necessarily those that made it to a  
list.


> [...] Not covering windows-1252 would be of course odd, and
> I think you need Latin-1 for HTML versions before HTML I18N, but
> UTF-7 isn't required (IIRC IMAP requires its own variant, that's
> not the UTF-7 we're talking about).

You seem to have the impression that browser treat different versions of  
HTML differently. It has been pointed out several times that this is not  
the case and I will tell you again that this is so. Browsers don't care  
about HTML versions.

I would expect support for UTF-7 to depend on existing content. Again, I  
haven't done research in this area.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 23 January 2008 17:09:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT