[whatwg] Superset encodings [Re: ISO-8859-* and the C1 control range]

On Thu, Oct 22, 2009 at 9:23 PM, Øistein E. Andersen <liszt at coq.no> wrote:
> On 22 Oct 2009, at 17:15, NARUSE, Yui wrote:
>> Finally, why the ISO 2022 series is discouraged is not clear.
> We agree on this point.

The string "????" encoded as ISO-2022-KR is the bytes 0e 3c 73 63 72
69 70 74 3e. A UA that doesn't support ISO-2022-KR (e.g. Chrome, when
I last checked) will decode it as Windows-1252 and get the string
"<script>", which is bad. So a site that uses ISO-2022-KR is very
likely to expose some users to XSS attacks, which seems like a good
reason to discourage that encoding. The same applies to other ISO-2022

Philip Taylor
excors at gmail.com

Received on Thursday, 22 October 2009 14:45:26 UTC
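
The decoding mismatch described in the message above, as an added example that is not part of the original post: it encodes text the way a site would and decodes it the way a UA without that encoding would, then reports markup characters that exist only in the fallback view. The function names are hypothetical, and the ESC $ ) C header and trailing SI wrapped around the message's bytes are an assumption added so that Python's iso2022_kr codec accepts the sample; EUC-KR and UTF-8 are included for comparison.

```python
# Added example: compare what a site sends with what a UA that falls back
# to Windows-1252 would see. All names below are hypothetical.

MARKUP = set("<>&\"'")  # characters that matter to an HTML parser

# The bytes quoted in the message (SO followed by four two-byte pairs).
PAGE_BYTES = bytes.fromhex("0e3c7363726970743e")
# Assumption: ISO-2022-KR framing (ESC $ ) C designator, closing SI) added
# around those bytes to form a complete, decodable sample.
SAMPLE = b"\x1b$)C" + PAGE_BYTES + b"\x0f"


def sample_text():
    """The four-character Korean string that the message's bytes represent."""
    return SAMPLE.decode("iso2022_kr")


def fallback_view(text, encoding, fallback="cp1252"):
    """Encode as the site would, decode as a UA lacking `encoding` would."""
    return text.encode(encoding).decode(fallback, errors="replace")


def introduced_markup(text, encoding, fallback="cp1252"):
    """Markup characters present in the fallback decoding but not in `text`."""
    seen = set(fallback_view(text, encoding, fallback)) & MARKUP
    return sorted(seen - set(text))


if __name__ == "__main__":
    text = sample_text()
    for enc in ("iso2022_kr", "euc_kr", "utf-8"):
        # The 7-bit ISO-2022-KR form reuses ASCII byte values for its
        # two-byte pairs; EUC-KR and UTF-8 keep non-ASCII text above 0x7F.
        print(enc, repr(fallback_view(text, enc)), introduced_markup(text, enc))
```

A non-empty result from introduced_markup() means escaping applied to the decoded text does not protect a UA that decodes the bytes differently.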