|

»

»

»

w3.org - www-international

Re: [whatwg] Is EBCDIC support needed for not breaking the Web?

View: New views

6 Messages — Rating Filter: Alert me

	Re: [whatwg] Is EBCDIC support needed for not breaking the Web? by Henri Sivonen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Jun 1, 2008, at 17:25, Bjoern Hoehrmann wrote: > * Henri Sivonen wrote: >> This makes me wonder: Do the top browsers support any EBCDIC-based >> encodings but just without exposing them in the UI? If not, can there >> be any notable EBCDIC-based Web content? > > Internet Explorer should support any character encoding Windows > supports > (see the advanced tab in `control International`), which includes many > EBCDIC encodings. See eg. http://www.websitedev.de/temp/ebcdic-cp-us.txt > for an example. Thanks. Philip Taylor made a test case: http://philip.html5.org/demos/charset/ebcdic/charsets.html It shows that browsers that use general-purpose decoder libraries (IE and Safari) support some EBCDIC flavors but browsers that roll their own decoders (Firefox and Opera) don't. Firefox and Opera being able get away with not supporting EBCDIC flavors suggests that EBCDIC-based encodings cannot be particularly Web-relevant. Even if saying that browsers MUST NOT support them might end up being a dead letter, it seems that it would be feasible to say that browsers SHOULD NOT support them or at least MUST NOT let a heuristic detector guess EBCDIC (for security reasons). (Also, I think I'm going to remove EBCDIC support from Validator.nu.) > It seems to me www-international@... would have been > a better place to ask your questions than the mailing lists you > picked. So many lists. :-( CCed that one, too, just in case. -- Henri Sivonen hsivonen@... http://hsivonen.iki.fi/
	Re: [whatwg] Is EBCDIC support needed for not breaking the Web? by Henri Sivonen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Jun 2, 2008, at 04:27, Benjamin Smedberg wrote: > Henri Sivonen wrote: > >> Firefox and Opera being able get away with not supporting EBCDIC >> flavors suggests that EBCDIC-based encodings cannot be particularly >> Web-relevant. Even if saying that browsers MUST NOT support them >> might end up being a dead letter, it seems that it would be >> feasible to say that browsers SHOULD NOT support them or at least >> MUST NOT let a heuristic detector guess EBCDIC (for security >> reasons). > > Gecko does support UTF-7 and will continue to do so because UTF-7 is > still in use as a character set for mail encoding and multi-part > MIME documents. Does/will Gecko support UTF-7 as a possible heuristic detector guess on the Web/HTTP side? -- Henri Sivonen hsivonen@... http://hsivonen.iki.fi/
	Re: [whatwg] Is EBCDIC support needed for not breaking the Web? by Simon Montagu :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Henri Sivonen wrote: > Does/will Gecko support UTF-7 as a possible heuristic detector guess on > the Web/HTTP side? > No.
	Re: [whatwg] Is EBCDIC support needed for not breaking the Web? by Ian Hickson :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Sun, 1 Jun 2008, Benjamin Smedberg wrote: > Henri Sivonen wrote: > > > Firefox and Opera being able get away with not supporting EBCDIC > > flavors suggests that EBCDIC-based encodings cannot be particularly > > Web-relevant. Even if saying that browsers MUST NOT support them might > > end up being a dead letter, it seems that it would be feasible to say > > that browsers SHOULD NOT support them or at least MUST NOT let a > > heuristic detector guess EBCDIC (for security reasons). > > Gecko does support UTF-7 and will continue to do so because UTF-7 is > still in use as a character set for mail encoding and multi-part MIME > documents. Would it be possible to limit this support to e-mail? Supporting UTF-7 on the Web has been the source of security bugs and really doesn't seem necessary outside of e-mail. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
	RE: [whatwg] Is EBCDIC support needed for not breaking the Web? by Phillips, Addison :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hixie wrote: > > > > Gecko does support UTF-7 and will continue to do so because UTF-7 > is > > still in use as a character set for mail encoding and multi-part > MIME > > documents. > > Would it be possible to limit this support to e-mail? Supporting > UTF-7 on > the Web has been the source of security bugs and really doesn't > seem > necessary outside of e-mail. > +1 In particular, the autodetection of UTF-7 as an encoding in Web pages should be a "MUST NOT" in HTML5, IMHO, because that is a well-known XSS attack. Auto-detection of UTF-7 serves no other purpose in real-world Web documents. I believe there is a TAG finding to this effect. Further, the authors of the UTF-7 RFCs have expressed support for that course of action (as has the I18N WG and, I believe, the UTC). Best Regards, Addison Addison Phillips Globalization Architect -- Lab126 Internationalization is not a feature. It is an architecture.
	Re: [whatwg] Is EBCDIC support needed for not breaking the Web? by Frank Ellermann :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Phillips, Addison wrote: > I believe there is a TAG finding to this effect. Further, > the authors of the UTF-7 RFCs have expressed support for > that course of action (as has the I18N WG and, I believe, > the UTC) There is even an IETF AD willing to sponsor a draft that formally deprecates UTF-7 (by updating the IANA charset registry). But no volunteer to write this draft so far. Frank

LightInTheBox - Buy quality products at wholesale price!