- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 25 Jan 2008 15:25:12 -0600
- To: "Roy T. Fielding" <fielding@gbiv.com>
- CC: "public-html@w3.org" <public-html@w3.org>
Roy T. Fielding wrote: > No, they haven't. Where are you getting this stuff? Try a clean > installation > of any Apache version with the distributed configuration files (Apache will > not wipe out old configurations on install). Then it's the Linux distros that are changing the default configuration. The net result from the browser's point of view is the same: more web servers that default everything to "text/plain; charset=UTF-8". > Also, don't forget that the only reason Apache has the AddDefaultCharset > feature (off by default) Sadly various Linux distros are defaulting it on. Really, from the point of view of HTML5 it doesn't matter whose fault the headers being sent are. It might be the fault of Apache, or IE, or Netscape, or the great spaghetti monster. What matters is what UAs need to do to be compatible with with web. > If you start sniffing content with a charset, > then you had better remove support for the charsets that are only used > for XSS attacks. The text content-type sniffing performed by Gecko never results in the browser handling the content as anything other than "text" (per the headers sent by the server) or "binary" (puts up a dialog asking what to do). -Boris
Received on Friday, 25 January 2008 21:25:33 UTC