- From: Dan Connolly <connolly@w3.org>
- Date: Tue, 10 Jul 2007 13:02:14 -0500
- To: Simon Pieters <simonp@opera.com>
- Cc: Robert Burns <rob@robburns.com>, Andrew Sidwell <takkaria@gmail.com>, HTML Working Group <public-html@w3.org>
On Tue, 2007-07-10 at 14:21 +0200, Simon Pieters wrote: > On Tue, 10 Jul 2007 12:43:44 +0200, Robert Burns <rob@robburns.com> wrote: > > >> No. It is not a requirement for UAs. The requirements for UAs are: > >> > >> http://www.whatwg.org/specs/web-apps/current-work/#determining0 > > > > I wasn't asking about the UA requirements, I was asking if there was any > > research on the current behavior (that we're trying to be backwards > > compatible with). > > There was. It is documented in the section referenced above. > > http://www.hixie.ch/tests/adhoc/html/parsing/encoding/ > > >> Perhaps, but it isn't compatible with existing UAs. > > > Do we already have some tests on this? > > We do now... ;-) > > http://simon.html5.org/test/html/parsing/encoding/001.htm Thanks... I noted those test materials in http://esw.w3.org/topic/HtmlTestMaterials (I encourage others to do likewise with any test materials they have.) This compatibility form of argument is likely to come up often enough that it should have a home in our design principles. Trying out the current draft http://esw.w3.org/topic/HTML/ProposedDesignPrinciples ... I think this principle comes closest... "Degrade Gracefully New versions of HTML should allow documents using them to work in user agents that don't yet support it. Authors will be reluctant to use new features that cause problems in older browsers, or that don't provide some sort of graceful fallback." So even if we allowed <html charset='utf-8'>, authors would be reluctant to use it until it was widely supported. And even then, we have... "Don't Reinvent The Wheel If there's already a widely used and implemented technology covering particular use cases, consider specifying that technology in preference to inventing something new for the same purpose." Also... "Secure By Design Ensure that features work with the security model of the web. Preferrably address security considerations directly in the specification." Messing around with charset stuff invites some particularly subtle security risks, so I'd rather not change things if we don't have to. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0032 -- Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Tuesday, 10 July 2007 18:02:23 UTC