W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: ISSUE-28 (http-mime-override): Content type rules in HTML 5 overlaps with the HTTP specification? [HTML Principles/Requirements]

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 25 Jan 2008 15:25:12 -0600
Message-ID: <479A53B8.5040304@mit.edu>
To: "Roy T. Fielding" <fielding@gbiv.com>
CC: "public-html@w3.org" <public-html@w3.org>

Roy T. Fielding wrote:
> No, they haven't.  Where are you getting this stuff?  Try a clean 
> installation
> of any Apache version with the distributed configuration files (Apache will
> not wipe out old configurations on install).

Then it's the Linux distros that are changing the default configuration. 
  The net result from the browser's point of view is the same: more web 
servers that default everything to "text/plain; charset=UTF-8".

> Also, don't forget that the only reason Apache has the AddDefaultCharset
> feature (off by default)

Sadly various Linux distros are defaulting it on.

Really, from the point of view of HTML5 it doesn't matter whose fault 
the headers being sent are.  It might be the fault of Apache, or IE, or 
Netscape, or the great spaghetti monster.  What matters is what UAs need 
to do to be compatible with with web.

> If you start sniffing content with a charset,
> then you had better remove support for the charsets that are only used
> for XSS attacks.

The text content-type sniffing performed by Gecko never results in the 
browser handling the content as anything other than "text" (per the 
headers sent by the server) or "binary" (puts up a dialog asking what to 
do).

-Boris
Received on Friday, 25 January 2008 21:25:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:12 GMT