[whatwg] Custom elements and attributes
Elliotte Harold
elharo at metalab.unc.edu
Sun Nov 12 05:00:08 PST 2006
Lachlan Hunt wrote:
> Elliotte Harold wrote:
>> Spurious Cp1252 is a real problem. I'm not sure what HTML 5 should do
>> here.
>
> At the very least, ISO-8859-1 must be treated as Windows-1252. I'm not
> sure about the other ISO-8859 encodings. Numeric and hex character
> references from 128 to 159 must also be treated as Windows-1252 code
> points.
>
I understand why you want to do this, but it makes me very nervous. At
best, it's a band-aid. At worst, it's a potential security hole. The
W3C TAG has recently extensively considered this very issue and
published a finding on it that's worth reading:
http://www.w3.org/2001/tag/doc/mime-respect.html
Sections 4.2 and 4.3 are especially relevant. From 4.3:

As described above, inconsistency between representation data and
metadata is an error. However, the tendency for some agents to attempt
silent recovery from such errors is also an error. Silent recovery from
error perpetuates what could be easily fixed if the resource owner is
simply informed of that error during their own testing of the resource.

Good Practice

Web agents SHOULD have a configuration option that enables the display
or logging of detected errors.

Revealing errors when they occur need not be disruptive of the user
experience. For example, a graphical browser might display a small "bug"
button in the user interface to indicate a detected error so that an
interested user (i.e., the resource owner) can select the button,
inspect the error, and perhaps modify the agent's choice on how to
recover from that error. Naturally, the appropriate mechanism will be
unique to each type of receiving agent and application context.

Some applications of the Web cannot tolerate error. For example, medical
information systems must be designed so as to detect errors that might
cause relevant information to be rendered invisible. In general, it is
better to design Web systems that are capable of fulfilling more
stringent requirements, even if their default configuration is to be
lenient.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
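
Added example, not part of the original message or of any browser's code: a Python sketch of the recovery discussed above (bytes and numeric character references 128 to 159 read as Windows-1252) that reports every repair instead of recovering silently, with a strict mode that refuses. The function names, the `strict` flag, the sample bytes and the use of U+FFFD for values Windows-1252 leaves unassigned are assumptions of this sketch.

```python
import re

C1_RANGE = range(0x80, 0xA0)  # 128..159: C1 controls in ISO-8859-1, printable in Windows-1252
NUMERIC_REF = re.compile(r"&#(?:[xX]([0-9A-Fa-f]+)|([0-9]+));")
SAMPLE = b"\x93quoted\x94 caf\xe9"  # constructed sample: Cp1252 quotes in a "Latin-1" page


class EncodingMismatch(ValueError):
    """Raised in strict mode instead of recovering silently."""


def _remap(value):
    """Return the Windows-1252 character for a 128..159 value, or None if unassigned."""
    try:
        return bytes([value]).decode("cp1252")
    except UnicodeDecodeError:
        return None  # 0x81, 0x8D, 0x8F, 0x90, 0x9D have no mapping in Python's codec


def decode_declared_latin1(data, strict=False):
    """Decode bytes labelled ISO-8859-1, reporting every Windows-1252 repair."""
    errors, out = [], []
    for offset, byte in enumerate(data):
        if byte in C1_RANGE:
            msg = f"byte 0x{byte:02X} at offset {offset} is not printable ISO-8859-1"
            if strict:
                raise EncodingMismatch(msg)
            errors.append(msg)
            out.append(_remap(byte) or "\ufffd")  # assumption: U+FFFD when unassigned
        else:
            out.append(chr(byte))  # ISO-8859-1 maps every other byte to the same code point
    return "".join(out), errors


def resolve_numeric_refs(text, strict=False):
    """Expand &#N; and &#xN; references, reporting those in 128..159."""
    errors = []

    def expand(match):
        value = int(match.group(1), 16) if match.group(1) else int(match.group(2))
        if value not in C1_RANGE:
            return chr(value) if value <= 0x10FFFF else "\ufffd"
        msg = f"{match.group(0)} at offset {match.start()} names a C1 control"
        if strict:
            raise EncodingMismatch(msg)
        errors.append(msg)
        return _remap(value) or "\ufffd"

    return NUMERIC_REF.sub(expand, text), errors
```

The returned error list is what a "bug" button or log would surface to the resource owner; callers that cannot tolerate a mismatch pass `strict=True`.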