- From: Peter Linss <peter.linss@hp.com>
- Date: Thu, 7 Aug 2008 11:30:49 -0700
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: Anne van Kesteren <annevk@opera.com>, Jens Meiert <jens@meiert.com>, "www-style@w3.org" <www-style@w3.org>
On Aug 7, 2008, at 10:48 AM, Boris Zbarsky wrote: > > Anne van Kesteren wrote: >> It seems important that all UAs, including mobile UAs, use the same >> mechanisms to detect the character encoding of a resource. > > Put this way, I should note that incorrectly detecting character > encoding can actually lead to security issues.... That frightens me. If there's a security hole from incorrectly detecting encoding, couldn't it be exploited by explicitly declaring the wrong encoding? Peter
Received on Thursday, 7 August 2008 18:31:31 UTC