- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Sun, 12 Nov 2006 08:00:08 -0500
Lachlan Hunt wrote:
> Elliotte Harold wrote:
>> Spurious Cp1252 is a real problem. I'm not sure what HTML 5 should do
>> here.
>
> At the very least, ISO-8859-1 must be treated as Windows-1252. I'm not
> sure about the other ISO-8859 encodings. Numeric and hex character
> references from 128 to 159 must also be treated as Windows-1252 code
> points.
>

I understand why you want to do this, but it makes me very nervous. At best, it's a band-aid. At worst, it's a potential security hole.

The W3C TAG has recently extensively considered this very issue and published a finding on it that's worth reading:

http://www.w3.org/2001/tag/doc/mime-respect.html

Sections 4.2 and 4.3 are especially relevant. From 4.3:

As described above, inconsistency between representation data and metadata is an error. However, the tendency for some agents to attempt silent recovery from such errors is also an error. Silent recovery from error perpetuates what could be easily fixed if the resource owner is simply informed of that error during their own testing of the resource.

Good Practice

Web agents SHOULD have a configuration option that enables the display or logging of detected errors.

Revealing errors when they occur need not be disruptive of the user experience. For example, a graphical browser might display a small "bug" button in the user interface to indicate a detected error so that an interested user (i.e., the resource owner) can select the button, inspect the error, and perhaps modify the agent's choice on how to recover from that error. Naturally, the appropriate mechanism will be unique to each type of receiving agent and application context.

Some applications of the Web cannot tolerate error. For example, medical information systems must be designed so as to detect errors that might cause relevant information to be rendered invisible. In general, it is better to design Web systems that are capable of fulfilling more stringent requirements, even if their default configuration is to be lenient.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
Received on Sunday, 12 November 2006 05:00:08 UTC
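
The recovery discussed in this message (numeric and hex character references from 128 to 159 read as Windows-1252 code points) can be combined with the TAG's advice to report rather than hide it. The Python below is an added example, not code from the thread or from any browser; the names `resolve_ncrs`, `EncodingMismatch` and the `strict` option are hypothetical, and the sample string is constructed.

```python
import re

# Matches decimal (&#150;) and hex (&#x96;) numeric character references.
NCR = re.compile(r"&#(?:[xX]([0-9A-Fa-f]+)|([0-9]+));")

class EncodingMismatch(ValueError):
    """Raised in strict mode when a reference falls in the range 128-159."""

def resolve_ncrs(text, strict=False):
    """Resolve numeric character references in text.

    Returns (resolved_text, errors). References from 128 to 159 are
    reinterpreted as Windows-1252 code points, and every such recovery is
    recorded in errors instead of happening silently. With strict=True the
    first one raises EncodingMismatch (hypothetical option).
    """
    errors = []

    def replace(match):
        code = int(match.group(1), 16) if match.group(1) else int(match.group(2))
        if code > 0x10FFFF or 0xD800 <= code <= 0xDFFF:
            errors.append((match.start(), match.group(0), "not a Unicode scalar value"))
            return "\ufffd"
        if 128 <= code <= 159:
            if strict:
                raise EncodingMismatch("%s at offset %d" % (match.group(0), match.start()))
            try:
                char = bytes([code]).decode("cp1252")
                note = "read as Windows-1252 U+%04X" % ord(char)
            except UnicodeDecodeError:
                # 0x81, 0x8D, 0x8F, 0x90, 0x9D have no Windows-1252 mapping.
                char = chr(code)
                note = "no Windows-1252 mapping, kept as C1 control"
            errors.append((match.start(), match.group(0), note))
            return char
        return chr(code)

    return NCR.sub(replace, text), errors

# Constructed sample input, not taken from the thread.
SAMPLE = "caf&#233; &#150; &#x93;quoted&#x94; &#129;"

if __name__ == "__main__":
    resolved, errors = resolve_ncrs(SAMPLE)
    print(resolved)
    for offset, ref, note in errors:
        print("offset %d: %s %s" % (offset, ref, note))
```

The default call stays lenient but hands the caller a list of every reinterpreted reference to log or display; `strict=True` is for consumers that cannot tolerate the ambiguity.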