On Fri, 29 Aug 2008, Phillips, Addison wrote:
>
> In particular, the *autodetection* of UTF-7 as an encoding in Web pages
> should be a "MUST NOT" in HTML5, IMHO, because that is a well-known XSS
> attack. Auto-detection of UTF-7 serves no other purpose in real-world
> Web documents. I believe there is a TAG finding to this effect. Further,
> the authors of the UTF-7 RFCs have expressed support for that course of
> action (as has the I18N WG and, I believe, the UTC).

Is there something in HTML5 that I missed? I thought we already said this.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 29 August 2008 20:12:49 GMT
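An added illustration of the point under discussion, not part of the original message or of any HTML5 text: text that an HTML escaper leaves untouched turns into markup only when the consumer decodes it as UTF-7, so the encoding resolver must never return UTF-7. The function names, the `BLOCKED` policy set and the sample bytes are assumptions constructed for this example.

```python
import codecs
import html

# Constructed sample: harmless markup written as UTF-7 shifted sequences
# (+ADw- is "<", +AD4- is ">"). Every byte is plain ASCII.
SAMPLE = b"+ADw-b+AD4-hi+ADw-/b+AD4-"

BLOCKED = {"utf-7"}  # policy assumed for this example


def canonical(label):
    """Canonical codec name for a charset label, or None if unknown."""
    try:
        return codecs.lookup(label.strip()).name
    except (LookupError, AttributeError):
        return None


def resolve_encoding(declared=None, sniffed=None, fallback="utf-8"):
    """Pick a decoder: declared label first, then sniffer guess, never UTF-7."""
    for label in (declared, sniffed):
        name = canonical(label)
        if name and name not in BLOCKED:
            return name
    return fallback


def hides_markup(data):
    """True if ASCII bytes gain markup characters once read as UTF-7."""
    try:
        plain, shifted = data.decode("ascii"), data.decode("utf-7")
    except UnicodeDecodeError:
        return False
    return any(c in shifted and c not in plain for c in "<>\"'&")


def demo():
    text = SAMPLE.decode("ascii")
    escaped = html.escape(text)  # server-side escaping finds nothing to escape
    raw = escaped.encode("ascii")
    return {
        "escaper_changed_it": escaped != text,
        "as_utf7": raw.decode("utf-7"),  # what a UTF-7 sniffing consumer sees
        "as_resolved": raw.decode(resolve_encoding(sniffed="utf-7")),
    }


if __name__ == "__main__":
    print(demo(), hides_markup(SAMPLE))
```
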