* Alexey Melnikov wrote:
>Does anybody know if updating RFC 2617 to say that
username/passwords
>are UTF-8 would break any major implementation? For
example, does
>anybody know if a major HTTP client/server
implementation assume ISO 8859-1?
It appears that for Basic authentication the german version
of Internet
Explorer 6 running on the german version of Windows 2003 as
well as the
latest english Internet Explorer 7 release candidate running
on the
german version of Windows XP will use something like
ISO-8859-1 for both
manual as well as XMLHttpRequest requests. Trying to use
U+20AC as user
name and password they got encoded as 0x80 (Windows-1252)
for manual re-
quests, and to '?' for XHR. Characters not included in
Windows-1252 come
out as '?' regardless of the method used. For XHR my test
cases include
documents encoded as ISO-8859-1 and UTF-8; there did not
appear to be
any difference.
The latest en-us version of Firefox uses UTF-8 for XHR and
the lower
byte of the character when encoded using UTF-16BE (so for
U+20AC you
get 0xAC) when using manual input. For manually entered http://u:p ...
URLs Firefox uses Windows-1252 if possible, UTF-8 otherwise.
When XHR
is used with such a URL, it uses UTF-8. The latest en-us
version of
Opera9 always uses UTF-8, as far as I can tell based on my
limited
testing. Results might well be different on with different
default code
pages, language settings, and so on. Note that the illegal
http://u:p..
addressing scheme allows to use arbitrary octet sequences
using %hh
escape sequences, with some browser-specific limitations.
--
Björn Höhrmann · mailto:bjoernhoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
_______________________________________________
Ietf-http-auth mailing list
Ietf-http-authosafoundation.org
http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth
|