[Bug 19961] Write security considerations


--- Comment #5 from Henri Sivonen <hsivonen@hsivonen.fi> ---
"Browsers are strongly encouraged to disable character encoding overrides for
resources using one of the aforementioned problematic encodings."

Please clarify that browsers should both:
 1) Not offer UTF-16 as a manual override.
 2) Ignore manual overrides for resources that are UTF-16 to begin with.

I'm unsure if the above should apply to ISO-2022-JP. I haven't seen a PoC of an
attack either way, and Firefox currently allows override both to and from

Received on Friday, 5 December 2014 08:10:01 UTC