|
|
Posted by Alan J. Flavell on 11/22/08 11:38
On Sat, 28 Jan 2006, Toby Inkster wrote:
> Mike Massonnet wrote:
>
> > it is also optional when using UTF-8 or UTF-16 encoding.
>
> Or indeed ASCII, as that is a subset of UTF-8.
It's quite amusing really: if you send content which is strictly
us-ascii, undeclared, over HTTP, then RFC2616 says it should be
assumed to be iso-8859-1, while XML can assume it's utf-8, and neither
of them are actually wrong :-}
This is not really advisable, though. Depending on the contents of
the ASCII data stream, MSIE might unilaterally decide that it's utf-7,
and CERT CA-2000-02 warns about cross-site scripting security flaws
which can be exploited. An appropriate explict encoding should always
be advertised, as the CERT alert recommends.
Navigation:
[Reply to this message]
|