W3C home > Mailing lists > Public > www-international@w3.org > July to September 2008

RE: [whatwg] Is EBCDIC support needed for not breaking the Web?

From: Phillips, Addison <addison@amazon.com>
Date: Fri, 29 Aug 2008 10:16:50 -0700
To: Ian Hickson <ian@hixie.ch>, Benjamin Smedberg <bsmedberg@mozilla.com>
CC: Henri Sivonen <hsivonen@iki.fi>, Bjoern Hoehrmann <derhoermi@gmx.net>, "www-international@w3.org" <www-international@w3.org>, "public-html@w3.org WG" <public-html@w3.org>, "public-i18n-core@w3.org" <public-i18n-core@w3.org>
Message-ID: <4D25F22093241741BC1D0EEBC2DBB1DA014B4DC4B3@EX-SEA5-D.ant.amazon.com>
Hixie wrote:

> >
> > Gecko does support UTF-7 and will continue to do so because UTF-7
> is
> > still in use as a character set for mail encoding and multi-part
> > documents.
> Would it be possible to limit this support to e-mail? Supporting
> UTF-7 on
> the Web has been the source of security bugs and really doesn't
> seem
> necessary outside of e-mail.


In particular, the *autodetection* of UTF-7 as an encoding in Web pages should be a "MUST NOT" in HTML5, IMHO, because that is a well-known XSS attack. Auto-detection of UTF-7 serves no other purpose in real-world Web documents. I believe there is a TAG finding to this effect. Further, the authors of the UTF-7 RFCs have expressed support for that course of action (as has the I18N WG and, I believe, the UTC).

Best Regards,


Addison Phillips
Globalization Architect -- Lab126

Internationalization is not a feature.
It is an architecture.

Received on Friday, 29 August 2008 17:17:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:40:56 UTC