RE: HTML5 encodings

From: Phillips, Addison (addison@amazon.com)
Date: Sun Jan 17 2010 - 20:40:11 CST

  • Next message: William_J_G Overington: "Localizable sentences are in a PUA for development purposes (from Re: off-topic discussions)"

    The + sign in UTF-7 sequences is always encoded by Yahoo as a numeric character reference (NCR) to avoid XSS attacks. You can view-source on the page to see that this is the case (you do not see UTF-7 sequences represented as characters in the page). It may have worked at the time you posted it (2005), but Yahoo has closed that loophole since then.

    Addison

    Addison Phillips
    Globalization Architect -- Lab126

    Internationalization is not a feature.
    It is an architecture.

    > -----Original Message-----
    > From: unicode-bounce@unicode.org [mailto:unicode-bounce@unicode.org]
    > On Behalf Of Richard Wordingham
    > Sent: Sunday, January 17, 2010 1:47 PM
    > To: unicode@unicode.org
    > Subject: Re: HTML5 encodings
    >
    > Christoph Päper wrote, on Tuesday, December 22, 2009 8:34 AM
    >
    > > Do you know any content currently on the Web encoded in a way
    > prohibited
    > > by HTML5?
    >
    > Philippe may not, but I do -
    > http://tech.groups.yahoo.com/group/JRW_test/message/6 . It's a
    > test
    > demonstration of the only way I've found to post Unicode from the
    > Yahoo
    > groups web interface, UTF-7. At the time, Firefox supported UTF-7,
    > but it
    > wasn't a practical solution because Internet Explorer didn't
    > support UTF-7.
    >
    > Richard.
    >



    This archive was generated by hypermail 2.1.5 : Sun Jan 17 2010 - 20:47:33 CST