Ignore:
Timestamp:
Feb 12, 2008, 5:46:02 AM (12 years ago)
Author:
julian.reschke@…
Message:

Remove character set defaulting for text media types (to be done: add security considerations WRT charset sniffing); relates to #20.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p3-payload.xml

    r207 r209  
    348348   <xref target="RFC2277"/>.
    349349</t>
    350 
    351 <section title="Missing Charset" anchor="missing.charset">
    352 <t>
    353    Some HTTP/1.0 software has interpreted a Content-Type header without
    354    charset parameter incorrectly to mean "recipient should guess."
    355    Senders wishing to defeat this behavior &MAY; include a charset
    356    parameter even when the charset is ISO-8859-1 (<xref target="ISO-8859-1"/>) and &SHOULD; do so when
    357    it is known that it will not confuse the recipient.
    358 </t>
    359 <t>
    360    Unfortunately, some older HTTP/1.0 clients did not deal properly with
    361    an explicit charset parameter. HTTP/1.1 recipients &MUST; respect the
    362    charset label provided by the sender; and those user agents that have
    363    a provision to "guess" a charset &MUST; use the charset from the
    364    content-type field if they support that charset, rather than the
    365    recipient's preference, when initially displaying a document. See
    366    <xref target="canonicalization.and.text.defaults"/>.
    367 </t>
    368 </section>
    369350</section>
    370351
     
    514495</t>
    515496<t>
    516    The "charset" parameter is used with some media types to define the
    517    character set (<xref target="character.sets"/>) of the data. When no explicit charset
    518    parameter is provided by the sender, media subtypes of the "text"
    519    type are defined to have a default charset value of "ISO-8859-1" when
    520    received via HTTP. Data in character sets other than "ISO-8859-1" or
    521    its subsets &MUST; be labeled with an appropriate charset value. See
    522    <xref target="missing.charset"/> for compatibility problems.
     497   HTTP/1.1 recipients &MUST; respect the    charset label provided by the
     498   sender; and those user agents that have a provision to "guess" a charset
     499   &MUST; use the charset from the content-type field if they support that
     500   charset, rather than the recipient's preference, when initially displaying
     501   a document.
    523502</t>
    524503</section>
     
    14541433   some suggestions for reducing security risks.
    14551434</t>
     1435<t>
     1436  <cref anchor="sec.charset.sniffing">
     1437    Point out the risks related to character set sniffing, in particular for
     1438    UTF-7. See <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/20#comment:4"/>.
     1439  </cref>
     1440</t>
    14561441
    14571442<section title="Privacy Issues Connected to Accept Headers" anchor="privacy.issues.connected.to.accept.headers">
     
    23672352  Clarify contexts that charset is used in.
    23682353  (<xref target="character.sets"/>)
     2354</t>
     2355<t>
     2356  Remove character set defaulting for text media types.
     2357  (<xref target="canonicalization.and.text.defaults"/>)
    23692358</t>
    23702359<t>
     
    24412430<section title="Since draft-ietf-httpbis-p3-payload-01">
    24422431<t>
     2432  Ongoing work on text media type charset defaults (<eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/20"/>):
     2433  <list style="symbols">
     2434    <t>
     2435      Remove the ISO-8859-1 default.
     2436    </t>
     2437  </list>
     2438</t>
     2439<t>
    24432440  Ongoing work on ABNF conversion (<eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36"/>):
    24442441  <list style="symbols">
Note: See TracChangeset for help on using the changeset viewer.