W3C home > Mailing lists > Public > www-international@w3.org > April to June 2014

[Bug 25339] New: Make hz-gb-2312 a label of the replacement encoding

From: <bugzilla@jessica.w3.org>
Date: Mon, 14 Apr 2014 10:30:21 +0000
To: www-international@w3.org
Message-ID: <bug-25339-4285@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25339

            Bug ID: 25339
           Summary: Make hz-gb-2312 a label of the replacement encoding
           Product: WHATWG
           Version: unspecified
          Hardware: All
               URL: http://telemetry.mozilla.org/#release/28/DECODER_INSTA
                    NTIATED_HZ/saved_session/Firefox
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encoding
          Assignee: annevk@annevk.nl
          Reporter: hsivonen@hsivonen.fi
        QA Contact: sideshowbarker+encodingspec@gmail.com
                CC: jshin@chromium.org, mike@w3.org,
                    www-international@w3.org

HZ is an exceptionally dangerous encoding, because its escape sequence consists
of printable ASCII characters. See
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20886#c3 .

In Firefox 28, I constrained the inheritance of HZ, removed it from the UI so
that it can't be chosen manually and added telemetry for counting sessions in
which the HZ decoder has been instantiated.

Sessions in which the HZ decoder has been instantiated are very rare: such a
session occurs less often than once in a million sessions.
http://telemetry.mozilla.org/#release/28/DECODER_INSTANTIATED_HZ/saved_session/Firefox

This suggests that the utility of HZ is so small that it should be regarded
mainly as an XSS attack vector and be mapped the replacement encoding.

I'd be interested in hearing the perspective of developers of other browsers,
Chrome especially, since Chrome has resisted the addition of useless or merely
marginally useful encodings.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 14 April 2014 10:30:28 UTC

This archive was generated by hypermail 2.3.1 : Monday, 14 April 2014 10:30:28 UTC