[whatwg] Custom elements and attributes from Elliotte Harold on 2006-11-12 (public-whatwg-archive@w3.org from November 2006)

From: Elliotte Harold <elharo@metalab.unc.edu>
Date: Sun, 12 Nov 2006 08:00:08 -0500
Message-ID: <45571AD8.3070801@metalab.unc.edu>

Lachlan Hunt wrote:
> Elliotte Harold wrote:
>> Spurious Cp1252 is a real problem. I'm not sure what HTML 5 should do 
>> here.
> 
> At the very least, ISO-8859-1 must be treated as Windows-1252.  I'm not 
> sure about the other ISO-8859 encodings.  Numeric and hex character 
> references from 128 to 159 must also be treated as Windows-1252 code 
> points.
> 

I understand why you want to do this, but it makes me very nervous. At 
best , it's a band-aid. At worst, it's a potential security hole. The 
W3C TAG has recently extensively considered this very issue and 
published a finding on it that's worth reading:

http://www.w3.org/2001/tag/doc/mime-respect.html

Section 4.2 and 4.3 are especially relevant. From 4.3:

As described above, inconsistency between representation data and 
metadata is an error. However, the tendency for some agents to attempt 
silent recovery from such errors is also an error. Silent recovery from 
error perpetuates what could be easily fixed if the resource owner is 
simply informed of that error during their own testing of the resource.

Good Practice

Web agents SHOULD have a configuration option that enables the display 
or logging of detected errors.

Revealing errors when they occur need not be disruptive of the user 
experience. For example, a graphical browser might display a small "bug" 
button in the user interface to indicate a detected error so that an 
interested user (i.e., the resource owner) can select the button, 
inspect the error, and perhaps modify the agent's choice on how to 
recover from that error. Naturally, the appropriate mechanism will be 
unique to each type of receiving agent and application context.

Some applications of the Web cannot tolerate error. For example, medical 
information systems must be designed so as to detect errors that might 
cause relevant information to be rendered invisible. In general, it is 
better to design Web systems that are capable of fulfilling more 
stringent requirements, even if their default configuration is to be 
lenient.

-- 
?Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

Received on Sunday, 12 November 2006 05:00:08 UTC