- From: Michael Smith via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 23 Oct 2009 22:17:00 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec-author-view
In directory hutz:/tmp/cvs-serv3506
Modified Files:
Overview.html acknowledgements.html browsers.html comms.html
dom.html editing.html embedded-content-0.html forms.html
history.html index.html infrastructure.html
interactive-elements.html introduction.html microdata.html
named-character-references.html obsolete.html offline.html
references.html semantics.html spec.html syntax.html
tabular-data.html text-level-semantics.html
the-canvas-element.html the-xhtml-syntax.html video.html
Log Message:
Reword the stuff about authors not using encodings to make more sense. (whatwg r4307)
[updated by splitter]
Index: infrastructure.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/infrastructure.html,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -d -r1.453 -r1.454
--- infrastructure.html 23 Oct 2009 22:07:13 -0000 1.453
+++ infrastructure.html 23 Oct 2009 22:16:57 -0000 1.454
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="introduction.html">← 1 Introduction</a> –
<a href="Overview.html#contents">Table of contents</a> –
@@ -351,12 +351,11 @@
to support do things outside that range? -->, ignoring bytes that
are the second and later bytes of multibyte sequences, all
correspond to single-byte sequences that map to the same Unicode
- characters as those bytes in ANSI_X3.4-1968 (US-ASCII). <a href="references.html#refsRFC1345">[RFC1345]</a></p><p class="note">This includes such encodings as Shift_JIS and
- variants of ISO-2022, even though it is possible in these encodings
- for bytes like 0x70 to be part of longer sequences that are
- unrelated to their interpretation as ASCII. It excludes such
- encodings as UTF-7, UTF-16, HZ-GB-2312, GSM03.38, and EBCDIC
- variants.</p><!--
+ characters as those bytes in ANSI_X3.4-1968 (US-ASCII). <a href="references.html#refsRFC1345">[RFC1345]</a></p><p class="note">This includes such encodings as Shift_JIS,
+ HZ-GB-2312, and variants of ISO-2022, even though it is possible in
+ these encodings for bytes like 0x70 to be part of longer sequences
+ that are unrelated to their interpretation as ASCII. It excludes
+ such encodings as UTF-7, UTF-16, GSM03.38, and EBCDIC variants.</p><!--
We'll have to change that if anyone comes up with a way to have a
document that is valid as two different encodings at once, with
different <meta charset> elements applying in each case.
Index: text-level-semantics.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/text-level-semantics.html,v
retrieving revision 1.451
retrieving revision 1.452
diff -u -d -r1.451 -r1.452
--- text-level-semantics.html 23 Oct 2009 22:07:14 -0000 1.451
+++ text-level-semantics.html 23 Oct 2009 22:16:58 -0000 1.452
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="semantics.html">← 4 The elements of HTML</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: history.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/history.html,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -d -r1.453 -r1.454
--- history.html 23 Oct 2009 22:07:13 -0000 1.453
+++ history.html 23 Oct 2009 22:16:57 -0000 1.454
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="offline.html">← 6.7 Offline Web applications</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: tabular-data.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/tabular-data.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- tabular-data.html 23 Oct 2009 22:07:14 -0000 1.452
+++ tabular-data.html 23 Oct 2009 22:16:58 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="the-canvas-element.html">← 4.8.11 The canvas element</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: microdata.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/microdata.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- microdata.html 23 Oct 2009 22:07:13 -0000 1.452
+++ microdata.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="interactive-elements.html">← 4.11 Interactive elements</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/Overview.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- Overview.html 23 Oct 2009 22:07:12 -0000 1.454
+++ Overview.html 23 Oct 2009 22:16:57 -0000 1.455
@@ -241,7 +241,7 @@
</dl><p>This specification is available in the following formats:
<a href="spec.html">single page HTML</a>,
<a href="Overview.html">multipage HTML</a>.
-This is revision 1.3442.
+This is revision 1.3443.
</p>
<p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
© 2009 <a href="http://www.w3.org/"><abbr title="World Wide
Index: embedded-content-0.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/embedded-content-0.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- embedded-content-0.html 23 Oct 2009 22:07:13 -0000 1.452
+++ embedded-content-0.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="dom.html">← 3 Semantics, structure, and APIs of HTML documents</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: dom.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/dom.html,v
retrieving revision 1.455
retrieving revision 1.456
diff -u -d -r1.455 -r1.456
--- dom.html 23 Oct 2009 22:07:13 -0000 1.455
+++ dom.html 23 Oct 2009 22:16:57 -0000 1.456
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="infrastructure.html">← 2 Common infrastructure</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: acknowledgements.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/acknowledgements.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- acknowledgements.html 23 Oct 2009 22:07:13 -0000 1.452
+++ acknowledgements.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="references.html">← References</a> –
<a href="Overview.html#contents">Table of contents</a>
Index: the-canvas-element.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/the-canvas-element.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- the-canvas-element.html 23 Oct 2009 22:07:14 -0000 1.454
+++ the-canvas-element.html 23 Oct 2009 22:16:58 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="video.html">← 4.8.7 The video element</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: forms.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/forms.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- forms.html 23 Oct 2009 22:07:13 -0000 1.454
+++ forms.html 23 Oct 2009 22:16:57 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="tabular-data.html">← 4.9 Tabular data</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: interactive-elements.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/interactive-elements.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- interactive-elements.html 23 Oct 2009 22:07:13 -0000 1.452
+++ interactive-elements.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="forms.html">← 4.10 Forms</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: editing.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/editing.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- editing.html 23 Oct 2009 22:07:13 -0000 1.454
+++ editing.html 23 Oct 2009 22:16:57 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="history.html">← 6.8 Session history and navigation</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: video.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/video.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- video.html 23 Oct 2009 22:07:14 -0000 1.454
+++ video.html 23 Oct 2009 22:16:58 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="text-level-semantics.html">← 4.6 Text-level semantics</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: browsers.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/browsers.html,v
retrieving revision 1.455
retrieving revision 1.456
diff -u -d -r1.455 -r1.456
--- browsers.html 23 Oct 2009 22:07:13 -0000 1.455
+++ browsers.html 23 Oct 2009 22:16:57 -0000 1.456
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="microdata.html">← 5 Microdata</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: the-xhtml-syntax.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/the-xhtml-syntax.html,v
retrieving revision 1.451
retrieving revision 1.452
diff -u -d -r1.451 -r1.452
--- the-xhtml-syntax.html 23 Oct 2009 22:07:14 -0000 1.451
+++ the-xhtml-syntax.html 23 Oct 2009 22:16:58 -0000 1.452
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="named-character-references.html">← 9.2 Named character references</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: offline.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/offline.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- offline.html 23 Oct 2009 22:07:13 -0000 1.452
+++ offline.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="browsers.html">← 6 Web browsers</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: syntax.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/syntax.html,v
retrieving revision 1.455
retrieving revision 1.456
diff -u -d -r1.455 -r1.456
--- syntax.html 23 Oct 2009 22:07:14 -0000 1.455
+++ syntax.html 23 Oct 2009 22:16:58 -0000 1.456
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="comms.html">← 8 Communication</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: obsolete.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/obsolete.html,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -d -r1.453 -r1.454
--- obsolete.html 23 Oct 2009 22:07:13 -0000 1.453
+++ obsolete.html 23 Oct 2009 22:16:57 -0000 1.454
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="the-xhtml-syntax.html">← 10 The XHTML syntax</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: named-character-references.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/named-character-references.html,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -d -r1.453 -r1.454
--- named-character-references.html 23 Oct 2009 22:07:13 -0000 1.453
+++ named-character-references.html 23 Oct 2009 22:16:57 -0000 1.454
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="syntax.html">← 9 The HTML syntax</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: references.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/references.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- references.html 23 Oct 2009 22:07:13 -0000 1.452
+++ references.html 23 Oct 2009 22:16:58 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="index.html">← Index</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: semantics.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/semantics.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- semantics.html 23 Oct 2009 22:07:13 -0000 1.454
+++ semantics.html 23 Oct 2009 22:16:58 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="embedded-content-0.html">← 3.2.5.1.6 Embedded content</a> –
<a href="Overview.html#contents">Table of contents</a> –
@@ -981,13 +981,26 @@
<code><a href="#meta">meta</a></code> element with an <code title="attr-meta-http-equiv"><a href="#attr-meta-http-equiv">http-equiv</a></code> attribute in the
<a href="#attr-meta-http-equiv-content-type" title="attr-meta-http-equiv-content-type">Encoding declaration
state</a>, then the character encoding used must be an
- <a href="infrastructure.html#ascii-compatible-character-encoding">ASCII-compatible character encoding</a>.</p><p>Authors should not use JIS_C6226-1983<!-- aka JIS-X-0208,
- x-JIS0208 -->, JIS_X0212-1990<!-- aka JIS-X-0212 -->, HZ-GB-2312<!--
- has crazy handling of ASCII "~" -->, encodings based on ISO-2022<!--
+ <a href="infrastructure.html#ascii-compatible-character-encoding">ASCII-compatible character encoding</a>.</p><p>Authors are encouraged to use UTF-8. Conformance checkers may
+ advise authors against using legacy encodings.</p><p>Encodings in which a series of bytes in the range 0x20 to 0x7E
+ can encode characters other than the corresponding characters in the
+ range U+0020 to U+007E represent a potential security vulnerability:
+ a user agent that does not support the encoding (or does not support
+ the label used to declare the encoding, or does not use the same
+ mechanism to detect the encoding of unlabelled content as another
+ user agent) might end up interpreting technically benign plain text
+ content as HTML tags and JavaScript. In particular, this applies to
+ encodings in which the bytes corresponding to "<code title=""><script></code>" in ASCII can encode a different
+ string. Authors should not use such encodings, which are known to
+ include JIS_C6226-1983<!-- aka JIS-X-0208, x-JIS0208 -->,
+ JIS_X0212-1990<!-- aka JIS-X-0212 -->, HZ-GB-2312<!-- has crazy
+ handling of ASCII "~" -->, encodings based on ISO-2022<!--
http://krijnhoetmer.nl/irc-logs/whatwg/20090628#l-422 and
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-October/023797.html
- -->, and encodings based on EBCDIC. Authors should not use UTF-32.
- Authors must not use the CESU-8, UTF-7, BOCU-1 and SCSU encodings.
+ -->, and encodings based on EBCDIC. Furtermore, authors must not use
+ the CESU-8, UTF-7, BOCU-1 and SCSU encodings, which also fall into
+ this category, because these encodings were never intended for use
+ for Web content.
<a href="references.html#refsRFC1345">[RFC1345]</a><!-- for the JIS types -->
<a href="references.html#refsRFC1842">[RFC1842]</a><!-- HZ-GB-2312 -->
<a href="references.html#refsRFC1468">[RFC1468]</a><!-- ISO-2022-JP -->
@@ -995,22 +1008,13 @@
<a href="references.html#refsRFC1554">[RFC1554]</a><!-- ISO-2022-JP-2 -->
<a href="references.html#refsRFC1922">[RFC1922]</a><!-- ISO-2022-CN and ISO-2022-CN-EXT -->
<a href="references.html#refsRFC1557">[RFC1557]</a><!-- ISO-2022-KR -->
- <a href="references.html#refsUNICODE">[UNICODE]</a>
<a href="references.html#refsCESU8">[CESU8]</a>
<a href="references.html#refsUTF7">[UTF7]</a>
<a href="references.html#refsBOCU1">[BOCU1]</a>
<a href="references.html#refsSCSU">[SCSU]</a>
<!-- no idea what to reference for EBCDIC, so... -->
- </p><p class="note">Most of these encodings are discouraged because of
- security concerns. If a hostile user can contribute text to a site
- using these encodings, bugs in the site's whitelisting filter or in
- a user agent can easily lead to the filter interpreting the
- contribution as "safe" while the user agent interprets the same
- contribution as containing a <code><a href="#script">script</a></code> element. This would
- enable cross-site scripting attacks. By avoiding these encodings,
- and always providing a <a href="#character-encoding-declaration">character encoding declaration</a>,
- an author is less likely to run into this kind of problem.</p><p>Authors are encouraged to use UTF-8. Conformance checkers may
- advise authors against using legacy encodings.</p><p class="note">Using non-UTF-8 encodings can have unexpected
+ </p><p>Authors should not use UTF-32, as the HTML5 encoding detection
+ algorithms intentionally do not distinguish it from UTF-16. <a href="references.html#refsUNICODE">[UNICODE]</a></p><p class="note">Using non-UTF-8 encodings can have unexpected
results on form submission and URL encodings, which use the
<a href="#document-s-character-encoding">document's character encoding</a> by default.</p><p>In XHTML, the XML declaration should be used for inline character
encoding information, if necessary.</p><div class="example">
Index: index.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/index.html,v
retrieving revision 1.452
retrieving revision 1.453
diff -u -d -r1.452 -r1.453
--- index.html 23 Oct 2009 22:07:13 -0000 1.452
+++ index.html 23 Oct 2009 22:16:57 -0000 1.453
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="iana.html">← 12 IANA considerations</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: comms.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/comms.html,v
retrieving revision 1.454
retrieving revision 1.455
diff -u -d -r1.454 -r1.455
--- comms.html 23 Oct 2009 22:07:13 -0000 1.454
+++ comms.html 23 Oct 2009 22:16:57 -0000 1.455
@@ -219,7 +219,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="editing.html">← 7 User Interaction</a> –
<a href="Overview.html#contents">Table of contents</a> –
Index: spec.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/spec.html,v
retrieving revision 1.455
retrieving revision 1.456
diff -u -d -r1.455 -r1.456
--- spec.html 23 Oct 2009 22:07:13 -0000 1.455
+++ spec.html 23 Oct 2009 22:16:58 -0000 1.456
@@ -239,7 +239,7 @@
</dl><p>This specification is available in the following formats:
<a href=spec.html>single page HTML</a>,
<a href=Overview.html>multipage HTML</a>.
-This is revision 1.3442.
+This is revision 1.3443.
</p>
<p class=copyright><a href=http://www.w3.org/Consortium/Legal/ipr-notice#Copyright>Copyright</a>
© 2009 <a href=http://www.w3.org/><abbr title="World Wide
@@ -1388,12 +1388,11 @@
to support do things outside that range? -->, ignoring bytes that
are the second and later bytes of multibyte sequences, all
correspond to single-byte sequences that map to the same Unicode
- characters as those bytes in ANSI_X3.4-1968 (US-ASCII). <a href=#refsRFC1345>[RFC1345]</a></p><p class=note>This includes such encodings as Shift_JIS and
- variants of ISO-2022, even though it is possible in these encodings
- for bytes like 0x70 to be part of longer sequences that are
- unrelated to their interpretation as ASCII. It excludes such
- encodings as UTF-7, UTF-16, HZ-GB-2312, GSM03.38, and EBCDIC
- variants.</p><!--
+ characters as those bytes in ANSI_X3.4-1968 (US-ASCII). <a href=#refsRFC1345>[RFC1345]</a></p><p class=note>This includes such encodings as Shift_JIS,
+ HZ-GB-2312, and variants of ISO-2022, even though it is possible in
+ these encodings for bytes like 0x70 to be part of longer sequences
+ that are unrelated to their interpretation as ASCII. It excludes
+ such encodings as UTF-7, UTF-16, GSM03.38, and EBCDIC variants.</p><!--
We'll have to change that if anyone comes up with a way to have a
document that is valid as two different encodings at once, with
different <meta charset> elements applying in each case.
@@ -4877,13 +4876,26 @@
<code><a href=#meta>meta</a></code> element with an <code title=attr-meta-http-equiv><a href=#attr-meta-http-equiv>http-equiv</a></code> attribute in the
<a href=#attr-meta-http-equiv-content-type title=attr-meta-http-equiv-content-type>Encoding declaration
state</a>, then the character encoding used must be an
- <a href=#ascii-compatible-character-encoding>ASCII-compatible character encoding</a>.</p><p>Authors should not use JIS_C6226-1983<!-- aka JIS-X-0208,
- x-JIS0208 -->, JIS_X0212-1990<!-- aka JIS-X-0212 -->, HZ-GB-2312<!--
- has crazy handling of ASCII "~" -->, encodings based on ISO-2022<!--
+ <a href=#ascii-compatible-character-encoding>ASCII-compatible character encoding</a>.</p><p>Authors are encouraged to use UTF-8. Conformance checkers may
+ advise authors against using legacy encodings.</p><p>Encodings in which a series of bytes in the range 0x20 to 0x7E
+ can encode characters other than the corresponding characters in the
+ range U+0020 to U+007E represent a potential security vulnerability:
+ a user agent that does not support the encoding (or does not support
+ the label used to declare the encoding, or does not use the same
+ mechanism to detect the encoding of unlabelled content as another
+ user agent) might end up interpreting technically benign plain text
+ content as HTML tags and JavaScript. In particular, this applies to
+ encodings in which the bytes corresponding to "<code title=""><script></code>" in ASCII can encode a different
+ string. Authors should not use such encodings, which are known to
+ include JIS_C6226-1983<!-- aka JIS-X-0208, x-JIS0208 -->,
+ JIS_X0212-1990<!-- aka JIS-X-0212 -->, HZ-GB-2312<!-- has crazy
+ handling of ASCII "~" -->, encodings based on ISO-2022<!--
http://krijnhoetmer.nl/irc-logs/whatwg/20090628#l-422 and
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-October/023797.html
- -->, and encodings based on EBCDIC. Authors should not use UTF-32.
- Authors must not use the CESU-8, UTF-7, BOCU-1 and SCSU encodings.
+ -->, and encodings based on EBCDIC. Furtermore, authors must not use
+ the CESU-8, UTF-7, BOCU-1 and SCSU encodings, which also fall into
+ this category, because these encodings were never intended for use
+ for Web content.
<a href=#refsRFC1345>[RFC1345]</a><!-- for the JIS types -->
<a href=#refsRFC1842>[RFC1842]</a><!-- HZ-GB-2312 -->
<a href=#refsRFC1468>[RFC1468]</a><!-- ISO-2022-JP -->
@@ -4891,22 +4903,13 @@
<a href=#refsRFC1554>[RFC1554]</a><!-- ISO-2022-JP-2 -->
<a href=#refsRFC1922>[RFC1922]</a><!-- ISO-2022-CN and ISO-2022-CN-EXT -->
<a href=#refsRFC1557>[RFC1557]</a><!-- ISO-2022-KR -->
- <a href=#refsUNICODE>[UNICODE]</a>
<a href=#refsCESU8>[CESU8]</a>
<a href=#refsUTF7>[UTF7]</a>
<a href=#refsBOCU1>[BOCU1]</a>
<a href=#refsSCSU>[SCSU]</a>
<!-- no idea what to reference for EBCDIC, so... -->
- </p><p class=note>Most of these encodings are discouraged because of
- security concerns. If a hostile user can contribute text to a site
- using these encodings, bugs in the site's whitelisting filter or in
- a user agent can easily lead to the filter interpreting the
- contribution as "safe" while the user agent interprets the same
- contribution as containing a <code><a href=#script>script</a></code> element. This would
- enable cross-site scripting attacks. By avoiding these encodings,
- and always providing a <a href=#character-encoding-declaration>character encoding declaration</a>,
- an author is less likely to run into this kind of problem.</p><p>Authors are encouraged to use UTF-8. Conformance checkers may
- advise authors against using legacy encodings.</p><p class=note>Using non-UTF-8 encodings can have unexpected
+ </p><p>Authors should not use UTF-32, as the HTML5 encoding detection
+ algorithms intentionally do not distinguish it from UTF-16. <a href=#refsUNICODE>[UNICODE]</a></p><p class=note>Using non-UTF-8 encodings can have unexpected
results on form submission and URL encodings, which use the
<a href=#document-s-character-encoding>document's character encoding</a> by default.</p><p>In XHTML, the XML declaration should be used for inline character
encoding information, if necessary.</p><div class=example>
Index: introduction.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/introduction.html,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -d -r1.453 -r1.454
--- introduction.html 23 Oct 2009 22:07:13 -0000 1.453
+++ introduction.html 23 Oct 2009 22:16:57 -0000 1.454
@@ -218,7 +218,7 @@
<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
<h1>HTML5</h1>
<h2 class="no-num no-toc" id="a-vocabulary-and-associated-apis-for-html-and-xhtml">A vocabulary and associated APIs for HTML and XHTML</h2>
-<p>This is revision 1.3442.</p>
+<p>This is revision 1.3443.</p>
</div><div>
<a href="Overview.html#contents">Table of contents</a> –
<a href="infrastructure.html">2 Common infrastructure →</a>
Received on Friday, 23 October 2009 22:17:06 UTC