Re: HTML5 encodings (was: Re: BOCU patent)

From: Peter Krefting (
Date: Tue Dec 22 2009 - 01:18:02 CST

  • Next message: Christoph Pper: "Re: HTML5 encodings"

    Doug Ewell <>:

    > SCSU is completely ASCII-based, as long as the text is in single-byte
    > mode, which would be the case for the entire HTML header, and usually
    > the entire text when encoding small alphabets.

    True, but IIRC you can also encode the ASCII characters using other
    methods, and still have parts in ASCII, meaning that you could put some
    SCSU inside an ASCII document and have the whole document as valid SCSU.
    This could be a security risk if the container document did not declare
    its encoding (think comments to a blog post here).

    > The security issue is largely a red herring. Security of HTML encodings
    > is related to incorrect auto-discovery of encodings, not to using
    > encodings that have been properly announced.

    Yes, of course. And if every document on the web would declare its
    encoding properly, this would not be a problem. But the real world doesn't
    work that way... :-)

    > Henri Sivonen stated that the main reason for prohibiting encodings was
    > to avoid "wasting developer time" and focusing attention on support of
    > new features instead. Apparently he didn't feel developers were capable
    > of both.

    Well, here at Opera we had to disable support for two encodings (UTF-7 and
    UTF-32) to become HTML5 conformant, if that isn't a waste of developer
    time, I don't know what is :-)

    \\// Peter Krefting - speaking his own mind, not that of anyone else

    This archive was generated by hypermail 2.1.5 : Tue Dec 22 2009 - 01:22:25 CST