Re: draft-montenegro-httpbis-uri-encoding

On 2014-03-21 14:05, Nicolas Mailhot wrote:
> ...
>> Practically, how is a UA supposed to *know* the encoding that was used
>> for the URI *unless' it constructed it itself? (Which is not what
>> browsers do; they only construct the query part).
>
> If the browser constructed the URL it knows damn well what is the encoding
> of its address bar and how to convert to UTF-8

OK. But that is true only if the URI was constructed by parsing the 
address bar. It's not the case when following links in documents (when 
try are already percent-escaped).

> If the browser got the uRL in a web page or feed or whatever all those
> documents are supposed to declare an encoding  so they can be interpreted
> at all (and there is a default encoding in the spec if they don't) so it
> can use that encoding and convert to utf-8 before sending

That's only helps when the link wasn't percent-escaped in the first place.

> If the encoding declared in the document or in the http headers the web
> site set is wrong things will fail but no more than if the web page author
> made a typo in its link. And I want them to fail not propagate errors to
> innocent bystanders.
>
> The whole concept of attempting to silently fix problems with heuristics
> till web site authors assume they can write garbage and it will be
> autocorrected at the cost of security and reliability, can not work on a
> large scale. There are too many people willing to exploit the holes the
> autocorrection heuristics open right and left. People doing mistakes is
> not an excuse to writing fuzzy specs to avoid laying responsibility and
> then expect things to work out anyway. That's PHB thinking.
> ...

Oh please. I dislike heuristics as much as you do. But just because we 
dislike it we can't magically get rid of it.

What we discuss here is whether an out-of-band signal actually helps.

Best regards, Julian

Received on Friday, 21 March 2014 13:19:40 UTC