- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 11 Feb 2015 13:02:02 +0100
- To: Brian Smith <brian@briansmith.org>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
* Brian Smith wrote: >Bjoern Hoehrmann <derhoermi@gmx.net> wrote: >>>You mentioned that urlencode(normalize(utf8encode(...))) is most >>>probably wrong. However, consider a document that is NOT in UTF-8 >>>encoding, but instead in Shift-JIS. I believe that there does need to >>>be a first step of converting the text to Unicode and then UTF-8 >>>encoding the Unicode text. However, I could very well be wrong here. >> >> You have to decode character encodings, sure, but that does not seem >> relevant here. > >It is relevant for CSP policies that are defined in <meta>. There are some dependencies in web browsers between document character encodings and URLs or URL-like protocol elements, but those are due to browser bugs from the 1990s. In any case, it would be helpful to have a code example to discuss this further. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/
Received on Wednesday, 11 February 2015 12:02:38 UTC