W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CfC: Transition CSP2 to CR.

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 11 Feb 2015 13:02:02 +0100
To: Brian Smith <brian@briansmith.org>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <lngmdatkgtrtsad73sphj3n1f5d254ndiu@hive.bjoern.hoehrmann.de>
* Brian Smith wrote:
>Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>>>You mentioned that urlencode(normalize(utf8encode(...))) is most
>>>probably wrong. However, consider a document that is NOT in UTF-8
>>>encoding, but instead in Shift-JIS. I believe that there does need to
>>>be a first step of converting the text to Unicode and then UTF-8
>>>encoding the Unicode text. However, I could very well be wrong here.
>>
>> You have to decode character encodings, sure, but that does not seem
>> relevant here.
>
>It is relevant for CSP policies that are defined in <meta>.

There are some dependencies in web browsers between document character
encodings and URLs or URL-like protocol elements, but those are due to
browser bugs from the 1990s. In any case, it would be helpful to have
a code example to discuss this further.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 
Received on Wednesday, 11 February 2015 12:02:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC