
Re: [XMLHttpRequest] last call comments

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 04 Mar 2007 21:18:07 +0100
Message-ID: <45EB297F.5020704@gmx.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
CC: web API <public-webapi@w3.org>

Bjoern Hoehrmann wrote:
> * Julian Reschke wrote:
>> "The syntax for the user or password arguments depends on the scheme 
>> being used. If the syntax for either is incorrect per the production 
>> given in the relevant scheme user agents must throw a SYNTAX_ERR 
>> exception. The user and password must be encoded using the encoding 
>> specified by the scheme. If the scheme fails to specify an encoding they 
>> must be encoded using UTF-8."
>>
>> I think this has been mentioned before: does this reflect what today's 
>> implementations do for basic and digest?
> 
> Could you be more specific? Firefox for example will mangle non-ascii
> user names and passwords in strange and harmful ways, so strictly the
> answer to your question is "no" but I don't see this as a problem.

Well, we have that problem with balancing between what would be the 
right thing to do, and what the user agents actually implement. I do 
agree that UTF-8 would be a good choice if the authentication scheme 
spec is silent about it.

That being said: does the Firefox issue have an issue reported? And how 
do IE and Opera behave?

Best regards, Julian
Received on Sunday, 4 March 2007 20:18:23 GMT
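
The encoding question raised in this message, as an added example that is not part of the original thread and does not reproduce any browser's implementation: for HTTP Basic, the same user name and password produce different header bytes under ISO-8859-1 and UTF-8, so a server assuming the other charset sees different credentials. The function names and sample credentials are constructed for illustration; the code uses Node.js `Buffer` to show the bytes.

```javascript
// Constructed sample credentials; basicHeader/decodeBasic are hypothetical helpers.

// Build a Basic Authorization header, encoding "user:password" with the
// given charset ('utf8' or 'latin1', i.e. ISO-8859-1).
function basicHeader(user, password, charset) {
  if (user.includes(':')) {
    // Basic splits on the first colon, so a colon in the user name is a syntax error.
    throw new SyntaxError('user name must not contain ":"');
  }
  const text = `${user}:${password}`;
  if (charset === 'latin1') {
    for (const ch of text) {
      // Buffer would silently truncate such characters; reject them instead.
      if (ch.codePointAt(0) > 0xff) {
        throw new RangeError('character not representable in ISO-8859-1');
      }
    }
  }
  return 'Basic ' + Buffer.from(text, charset).toString('base64');
}

// Decode the header the way a server would, assuming the given charset.
function decodeBasic(header, charset) {
  const raw = Buffer.from(header.slice('Basic '.length), 'base64');
  const text = raw.toString(charset);
  const i = text.indexOf(':');
  return { user: text.slice(0, i), password: text.slice(i + 1) };
}

function demo() {
  const user = 'j\u00fcrgen';       // "jürgen"
  const password = 'p\u00e4sswort'; // "pässwort"
  const asUtf8 = basicHeader(user, password, 'utf8');
  const asLatin1 = basicHeader(user, password, 'latin1');
  return {
    asUtf8,
    asLatin1,
    sameBytes: asUtf8 === asLatin1,
    // Client sent UTF-8, server assumes ISO-8859-1: credentials no longer match.
    mismatch: decodeBasic(asUtf8, 'latin1'),
    // Both sides agree on UTF-8: credentials round-trip.
    match: decodeBasic(asUtf8, 'utf8'),
  };
}

console.log(demo());
```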
