W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [CSP3] Please define the encoding used for violation reports

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 03 Dec 2014 14:42:15 +0100
Message-ID: <547F1337.5080203@gmx.de>
To: Boris Zbarsky <bzbarsky@mit.edu>, public-webappsec@w3.org
On 2014-12-02 20:30, Boris Zbarsky wrote:
> On 12/2/14, 8:10 AM, Julian Reschke wrote:
>> On 2014-12-02 16:44, Boris Zbarsky wrote:
>>> Right now we're implicitly ending up in the "The default encoding is
>>> UTF-8" of section 3 of RFC 4627, but it might be good to make that
>>> explicit, since JSON does allow other encodings.
>>
>> Sounds right.
>>
>>> In particular, we should make it explicit that UTF8 is used in
>>> preference to \uXXXX escapes.
>>
>> How does this help? Either you do JSON, in which case you will
>> understand the escapes, or you don't, in which case you're in trouble...
>
> Maybe I should have made that mode clear.  A bunch of people are
> apparently "doing JSON" by calling eval on the received bytes or some
> such insanity.  That will work with the escapes, but not with UTF-8.

Oops. It won't?
Received on Wednesday, 3 December 2014 13:42:50 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC