Yes, if that's what you ask for. But as I know some German I may prefer
to do my own translation. And if the recipient is a German who knows no
English, they certainly aren't going to be amused if their letters get
translated whether they want them to be or not. So the mail carrier
should do this only if specifically asked to do so.
--
Peter Kirk
***@qaya.org (personal)
***@qaya.org (work)
http://www.qaya.org/




------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Indeed. Remember the problem here isn't a server performing translation, transliteration or re-encoding - but rather a server misidentifying an encoding (hence my analogy of the translator having a nervous break-down, that and the fact that the image struck me as funny).

However to enable a correctly functioning server to perform such re-encoding *when asked to do so* we have to have the rule that HTTP-headers over-ride embedded self-description for text-based formats. This causes problems in cases like those described, but not when the webserver has a rough idea of what the hell it is doing.

One could argue against the rule of headers having precedence on the basis that it is brittle, but it is no more brittle than trusting copy-and-paste <meta/> elements which are also likely to be wrong (trust me I've seen enough that my anecdotal experience is approaching statistical validity).

But one day it will all be Unicode... one day...






------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Unlike Jame's cup of wine, this really is a good analogy. Suppose the
document is stored on the server in ISO 8859-1 and the browser requesting
the page understands only EBCDIC. The server must convert it -- if it
doesn't, it will appear on the client as complete garbage. As Jon
mentioned, the server is the last one to touch it, and this illustrates
why it is appropriate for the server to touch it.


Peter


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

.
Peter Constable wrote,
But, this simply isn't the case with Doug Ewell's web pages. Doug's
pages are properly encoded using the world's standard for text
encoding and properly tagged. The server isn't performing any
conversion, it's just adulterating the content of the web pages
by adding an incorrect protocol resulting in the display of
mojibake.

Jon Hanna wrote,
This is the operative phrase, "when *asked* to do so".
But, the notion that it is acceptable for a server to blithely assume
that any given user is incompetent is repugnant. I no more want
my server to generate incorrect protocols for my web pages than
I want my server to run a spell-checker on the contents.

Fortunately, rather than Doug's server assuming incompetence,
it appears to be merely over-reacting to a mis-perceived
security threat.

Deepayan Sarkar wrote,
Ethyl alcohol is toxic, but, as miracles go... our postulated sophisticated
cup's ability to tranform wine into water probably wouldn't be as
widely acclaimed as the ability to do the opposite.

Best regards,

James Kass
.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Doug's server isn't assuming incompetence - Doug's server *is* incompetent.

Indeed when a server does re-encode it isn't assuming incompetence either, it needs to trust the author on what encoding the source is in in order to re-encode successfully.

The issue is with the browser trusting the server over the author. The browser doesn't share our knowledge of Doug's competence or of his server's incompetence and assumes the server is reasonably competent (any fall-back behaviour can only kick in if something proves that the server messed up).

For an example of what happens when the browser doesn't trust the server try sending a HTML source as plain text to IE.






------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

No, there is no obligation.

Surely, rather, browsers should be expected to support a
Ah but how minimum is acceptable?

Of course, and I've said this already in this thread, we can now just make sure that every server and ever client supports UTF-8 and UTF-16. However it will be some time before servers can assume all browsers can accept these, and before all browsers can assume that all servers can send them. The rule of http headers over-riding embedded self-desciption is going to be necessary until this has come to pass.
Even after then it's going to be necessary as there is only one http header which states encoding, but there is an unlimited number of mechanisms for self-description in an unlimited number of potential document types.






------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

My webserver has a duty and right to do that if I want it to. Again what is happening in Doug's case is clearly an error on the part of the server, I am only saying that the error is not in the policy of http headers over-riding document self-desciption.

Had Doug more control over his server he might want it to do the sort of re-encoding when a browser requested it. In other scenarios the server might be the closest thing there is to an "author", or the author might provide some XML giving the core of the document with the server adding other features such as navigation, records of user comments etc. which puts the server in a far more authoritative position than when used for "straight" file transfer (and much of my bread-and-butter is such systems).

In Doug's case a server should act exactly as you say and leave well alone, but that is not the only case that the protocols involved have to serve.






------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Peter Constable wrote,
Here's one of the specs:

http://www.w3.org/TR/html4/charset.html#h-5.2.2


And, here's a page which extrapolates from the specs, please note
that the "TO SUM IT ALL UP" is most instructive:

http://www.webstandards.org/learn/askw3c/dec2002.html

Best regards,

James
.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

.
Peter Constable wrote,
The specs list an order of priority in which character set information
is sought.

First, the browser checks the HTTP header, then the XML declaration
(which is not relevant to HTML), then the HTML meta tag.

Apparently, upon finding character set information, the operation
stops, so if information is present in the HTTP header, the meta
tag won't be consulted.

This approach seems flawed -- illustrated by the problems caused
by Adelphia's apparent incompetence in this regard.

All of the data should be consulted and there should be some kind
of protocol in place to handle conflicting character set info.

In the event of a conflict between the HTTP header and the HTML meta
tag, of course the browser should believe the HTML meta tag. After
all, who knows better than the author the encoding used to construct
the file? Where the server has performed a character set conversion
upon request from a browser, then, as a part of the character set
conversion process, the HTML meta tag needs to be re-written in case
the page is archived by the visitor for later off-line viewing.

If this were the case, we wouldn't be having this thread.

Best regards,

James Kass
.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Nit: this is not the case for text/html, which fortunately took exception
from the MIME specs on this. From the HTML 4.01 spec, 5.2.2:

"Therefore, user agents must not assume any default value for the "charset"
parameter."
Correct for text/xml. Better not use that, then, and favor application/xml.
--
François Yergeau


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Who knows better the encoding used to *send* the file? The last server to
touch it.

It used to be common, the norm in fact, for Russian servers to store files
in various legacy encodings (KOI-8, 8859-5, DOS-something,...) and to serve
them in some other encoding, after transcoding on-the-fly based on the
User-Agent. There were also transcoding proxies for Asian character sets
that one could use to overcome the limitations of browsers of that era.
These practices were still around when the HTML 4 spec was released in 1997
and no doubt contributed to getting things as they are.
It takes large amounts of tricky code to reliably parse real-life HTML. It
is unreasonable to expect servers, which have no business parsing HTML, to
contain this code. Browsers have it and *they* should adjust the meta tag
when they do a "Save as..."
If servers would just shut up when they don't know (as required by the HTML
spec)....
--
François Yergeau


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

I don't see anything wrong with the spec. So far as I can see it is
doing the right thing. Although the behaviour of the described server
could be better.

First point - if no information is present, assume "us-ascii". Sounds
/extremely sensible/ to me. ASCII is the intersection of Latin-1, UTF-8,
and various other commonly used encodings. Moreover, in order to even
/read/ the name of the encoding, the name of the encoding must have
itself been encoded in /something/. It makes sense to me to assume the
absolute minimum. If you want more than the minimum, declare your
encoding. This should not be a problem.

Second point - the "search order" - (1) server; (2) XML tag; (3) HTML
meta tag. This also makes sense to me. Yes, the document author should
know best, but it is the /_server_/, not the /_client_/, which should
take notice of the meta tag.

As far as the browser is concerned, meta tags in the document _/must
not/_ override the headers, as this could result in security holes
exploitable by attackers.

The issue is slightly more complicated. The browser /must/ believe the
HTTP headers. However, if the meta tags and HTTP headers are in conflict
then I believe _the server is at fault_, in not making the correct
declaration. In other words, if the document author says (in a meta tag)
"this is in UTF-8", then the server should (in my opinion) send the
document to the browser with an encoding type of UTF-8. In other words,
the server should (again, in my opinion), ensure that the HTTP header is
not in conflict with a meta tag, by changing the HTTP header to match
the meta tag. However, if a server does not do this, still, then the
browser must believe the HTTP header.

Jill

There is no re-encoding! There just might be is all.

There might also be a lot of other things going on, and hence a lot of headers sent, and those sending the headers have a responsibility to ensure their accuracy and those receiving them have a responsibility to read and act upon them (though not necessarily with blind trust if it could raise security issues).

Anyway, browsers aren't required to examine <meta/> elements at all, though they may, it's only xml declarations that have a strong place in the list of sources of encoding information.






------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Sounds very misguided to me.
How does that make it more likely that guessing ASCII would be correct?
See Appendix F of the XML spec for how you can do much better than assuming
ASCII to read the encoding name.
It makes much more sense to me to assume UTF-8, as XML does. If you want
*less* than that, declare your encoding. This is not a problem.
--
François


------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

François --

You might be interested to know that all of your recent mail has the
following header attached to it! Sounds to me like your outgoing server is
tagging mail, and it's getting things wrong.

Rick
------------------------ Yahoo! Groups Sponsor ---------------------~-->
KnowledgeStorm has over 22,000 B2B technology solutions. The most comprehensive IT buyers' information available. Research, compare, decide. E-Commerce | Application Dev | Accounting-Finance | Healthcare | Project Mgt | Sales-Marketing | More
http://us.click.yahoo.com/IMai8D/UYQGAA/cIoLAA/8FfwlB/TM
---------------------------------------------------------------------~->

To Unsubscribe, send a blank message to: unicode-***@yahooGroups.com

This mailing list is just an archive. The instructions to join the true Unicode List are on http://www.unicode.org/unicode/consortium/distlist.html


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Good point. But there has to be an actual attacker here, as in, a hacker
engaged in a purposefully malevalent attempt to (say) run arbitrary code
on a victim's machine (the victim being an end-user, a web-page
viewer). To achieve this, the attacker must exploit "features" of the
victim's browser. Yes, I was assuming that the attacker was a document
author -- but if the attacker was a server (or at least, a server
administrator), then it's difficult to see what a document author can do
to guard against this. If the server is an attacker, they could of
course modify all documents served anyway, in any manner they chose. In
such a circumstance, document authors would be well advised to move
their documents to another server ... assuming they ever found out.

The attack is only theoretical, so far as I know, but basically it works
like this: the attacker places a link to (say)
"C:\WINNT\SYSTEM32\CMD.EXE (plus some nasty parameters)" in a hyperlink
and encourages you to click on it. If all is well, the browser should
forbid this. But if the string is written in encoding A, and the
browser parses it assuming it to be encoding B, it is possible that the
browser may not recognise the path as being absolute, and so may allow
it. Of course, you'd have to try /really hard/ to find encodings A and
B such that this becomes feasable, but you never know, it might be
doable. Plus, you'd have to find a user dumb enough to be running a
sufficiently old browser that it was still prone to this exploit. (I'm
pretty sure modern browsers will have closed that hole by now, but
again, you never know). But even a buggy and stupid browser will never
fall victim to this exploit if the browser is able to infer the correct
encoding for the document.

But look at it like this. Suppose a html document had a meta tag which
claimed: <META HTTP-EQUIV="Content-length" CONTENT=1>. In this
circumstance, which would you prefer to believe: The HTTP Content-length
header? Or the meta tag? (One can certainly imagine buffer-overrun
exploits if browsers were to make the wrong choice).

Of course, having said that, document authors /can/ affect HTTP headers
directly anyway. If the document were to be written in PHP instead of
HTML then a document author could generate any HTTP headers they wanted!
(I've actually done this to deliver documents in UTF-8 against the
server's default). All I can assume is maybe there's some sort of threat
model in place which assumes that anyone who can code in PHP can't
possibly be an attacker! If so, it's clearly nonsense.

I still maintain, though (in agreement with Jon) that a server should
obey the document author by taking notice of meta tags and transforming
them into HTTP tags. (At the very /least/, it should take the meta tag
as a hint, and use it as an HTTP tag if the hint turns out to be true).
To ignore them altogether is just dumb.

Jill

PS. I haven't mentioned Unicode domain names. That's a different kettle
of fish altogether. Maybe we could have another thread for that.