W3C home > Mailing lists > Public > public-html@w3.org > July 2007

Re: review of "The root element" subsection (considering html/@charset)

From: Dan Connolly <connolly@w3.org>
Date: Tue, 10 Jul 2007 13:02:14 -0500
To: Simon Pieters <simonp@opera.com>
Cc: Robert Burns <rob@robburns.com>, Andrew Sidwell <takkaria@gmail.com>, HTML Working Group <public-html@w3.org>
Message-Id: <1184090534.20170.69.camel@pav>

On Tue, 2007-07-10 at 14:21 +0200, Simon Pieters wrote:
> On Tue, 10 Jul 2007 12:43:44 +0200, Robert Burns <rob@robburns.com> wrote:
> 
> >> No. It is not a requirement for UAs. The requirements for UAs are:
> >>
> >>    http://www.whatwg.org/specs/web-apps/current-work/#determining0
> >
> > I wasn't asking about the UA requirements, I was asking if there was any  
> > research on the current behavior (that we're trying to be backwards  
> > compatible with).
> 
> There was. It is documented in the section referenced above.
> 
>     http://www.hixie.ch/tests/adhoc/html/parsing/encoding/
> 
> >> Perhaps, but it isn't compatible with existing UAs.
>
> > Do we already have some tests on this?
> 
> We do now... ;-)
> 
>     http://simon.html5.org/test/html/parsing/encoding/001.htm

Thanks... I noted those test materials in
  http://esw.w3.org/topic/HtmlTestMaterials

(I encourage others to do likewise with any test materials they have.)

This compatibility form of argument is likely to come
up often enough that it should have a home in our
design principles.

Trying out the current draft
http://esw.w3.org/topic/HTML/ProposedDesignPrinciples ...

I think this principle comes closest...

"Degrade Gracefully

New versions of HTML should allow documents using them to work in user
agents that don't yet support it. Authors will be reluctant to use new
features that cause problems in older browsers, or that don't provide
some sort of graceful fallback."

So even if we allowed <html charset='utf-8'>, authors would be
reluctant to use it until it was widely supported.

And even then, we have...

"Don't Reinvent The Wheel

If there's already a widely used and implemented technology covering
particular use cases, consider specifying that technology in preference
to inventing something new for the same purpose."

Also...

"Secure By Design

Ensure that features work with the security model of the web.
Preferrably address security considerations directly in the
specification."

Messing around with charset stuff invites some particularly
subtle security risks, so I'd rather not change things
if we don't have to.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0032




-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Tuesday, 10 July 2007 18:02:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:46 UTC