Re: [I18N Core Response][CSS21] out of range unicode escapes

At 03:57 PM 6/26/2007, Addison Phillips wrote:
>We didn't say that either solution was unacceptable. We only pointed out 
>that introducing a parse error would make the issue easier to debug---and 
>that this is much more likely than any reasonable use of out-of-range 
>sequences.

Without getting into the details of the discussion, I would only note that 
the most likely recipient of such files with such errors is not the website 
creator, but a random user who is neither likely to be capable of debugging 
nor does he wish to debug the CSS. What he would like to do is see the web 
page he requested. Thus CSS tries to continue when it can; for example, by 
throwing away invalid pieces of the stylesheet. (See Fantasai's answer on 
Mark Davis' example).

If the goal is to help people write correct websites, then a validator for 
a stylesheet is a much more useful tool than either a parse error or a 
character substitution. But, note that it is the creator of the website 
that uses the validator and not the website user.

This distinction between creator (who should know better) and user (who is 
likely to have no clue) is important in coming up with a solution. I think 
your paragraph above says that this is a non-issue because a creator can 
use a validator and the user should not have to.

I do, however, recognize that sending invalid strings that appear to be 
valid (as with the controversy about International URLs) can create 
security holes. The real problem lies in distinguishing pages that are 
simply broken but for which some display is possible and pages that are 
maliciously trying to fool the user.


         Steve
=====================================
Steve Zilles
115 Lansberry Court,
Los Gatos, CA 95032-4710
steve@zilles.org