- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 04 Mar 2007 21:18:07 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: web API <public-webapi@w3.org>
Bjoern Hoehrmann schrieb: > * Julian Reschke wrote: >> "The syntax for the user or password arguments depends on the scheme >> being used. If the syntax for either is incorrect per the production >> given in the relevant scheme user agents must throw a SYNTAX_ERR >> exception. The user and password must be encoded using the encoding >> specified by the scheme. If the scheme fails to specify an encoding they >> must be encoded using UTF-8." >> >> I think this has been mentioned before: does this reflect what today's >> implementations do for basic and digest? > > Could you be more specific? Firefox for example will mangle non-ascii > user names and passwords in strange and harmful ways, so strictly the > answer to your question is "no" but I don't see this as a problem. Well, we have that problem with balancing between what would be the right thing to do, and what the user agents actually implement. I do agree that UTF-8 would be a good choice if the authentication scheme spec is silent about it. That being said: does the Firefox issue have an issue reported? And how do IE and Opera behave? Best regards, Julian
Received on Sunday, 4 March 2007 20:18:23 UTC