Roy T. Fielding wrote: > Because the only known way to avoid the security holes in existing > browsers that sniff UTF-7 is to add a charset parameter even when > the exact charset is not known to the server. That is specific to > HTTP and is a known problem due to browser's ignoring the existing > requirements of HTTP that this thread intends to remove. Hm. 1) MIME says: default for text/* is US-ASCII. 2) RFC2616 says: default for text/* is ISO-8859. 3) Browsers do content sniffing, thus they ignore both 1) and 2). So if we remove 2), how does this change the situation WRT sniffing? I'm not totally opposed to mentioning this, but I'd really like to understand how the intended change changes the situation... BR, JulianReceived on Wednesday, 23 January 2008 19:38:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 October 2011 12:14:00 GMT