
Re: [CSP3] Please define the encoding used for violation reports

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Tue, 02 Dec 2014 11:30:03 -0800
Message-ID: <547E133B.8090306@mit.edu>
To: Julian Reschke <julian.reschke@gmx.de>, public-webappsec@w3.org

On 12/2/14, 8:10 AM, Julian Reschke wrote:
> On 2014-12-02 16:44, Boris Zbarsky wrote:
>> Right now we're implicitly ending up in the "The default encoding is
>> UTF-8" of section 3 of RFC 4627, but it might be good to make that
>> explicit, since JSON does allow other encodings.
>
> Sounds right.
>
>> In particular, we should make it explicit that UTF8 is used in
>> preference to \uXXXX escapes.
>
> How does this help? Either you do JSON, in which case you will
> understand the escapes, or you don't, in which case you're in trouble...

Maybe I should have made that more clear.  A bunch of people are 
apparently "doing JSON" by calling eval on the received bytes or some 
such insanity.  That will work with the escapes, but not with UTF-8.

-Boris
Received on Tuesday, 2 December 2014 19:30:39 UTC
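
Added example, not part of the original message or of any specification text: a report receiver that decodes the body strictly as UTF-8 and hands it to a JSON parser, so a report carrying raw UTF-8 and one carrying `\uXXXX` escapes produce the same value and nothing is passed to `eval`. The function name `parseCspReport`, the `MAX_REPORT_BYTES` limit and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example: receive a CSP violation report as UTF-8 JSON without eval.
// parseCspReport, MAX_REPORT_BYTES and all sample bodies are constructed here.
const MAX_REPORT_BYTES = 16 * 1024; // assumed limit, not from the thread

function parseCspReport(bodyBytes) {
  if (bodyBytes.length > MAX_REPORT_BYTES) {
    return { ok: false, error: "report too large" };
  }
  let text;
  try {
    // fatal: true rejects malformed UTF-8 instead of substituting U+FFFD.
    text = new TextDecoder("utf-8", { fatal: true }).decode(bodyBytes);
  } catch (e) {
    return { ok: false, error: "body is not valid UTF-8" };
  }
  let doc;
  try {
    // JSON.parse treats the body as data; it accepts raw UTF-8 and \uXXXX alike.
    doc = JSON.parse(text);
  } catch (e) {
    return { ok: false, error: "body is not valid JSON" };
  }
  const report =
    doc !== null && typeof doc === "object" ? doc["csp-report"] : undefined;
  if (report === null || typeof report !== "object" || Array.isArray(report)) {
    return { ok: false, error: "missing csp-report object" };
  }
  return { ok: true, report };
}

const enc = new TextEncoder();
// The JS escape below yields a literal U+00E9, sent on the wire as bytes C3 A9.
const rawUtf8 = enc.encode(
  '{"csp-report":{"document-uri":"https://example.test/caf\u00e9"}}');
// Here the backslash is doubled, so the six ASCII characters \u00e9 are sent.
const escaped = enc.encode(
  '{"csp-report":{"document-uri":"https://example.test/caf\\u00e9"}}');
// Same text mis-encoded as Latin-1: a lone E9 byte is not valid UTF-8.
const latin1 = Uint8Array.from(
  '{"csp-report":{"document-uri":"https://example.test/caf\u00e9"}}',
  (c) => c.charCodeAt(0));

for (const [name, body] of [["raw", rawUtf8], ["escaped", escaped], ["latin1", latin1]]) {
  console.log(name, JSON.stringify(parseCspReport(body)));
}
```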
