ISSUE-381: [survey needed] Make hz-gb-2312 a label of the replacement encoding

[survey needed] Make hz-gb-2312 a label of the replacement encoding

State:
CLOSED
Product:
encoding
Raised by:
Addison Phillips
Opened on:
2014-07-10
Description:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25339

This issue tracks the bug listed above and was created as part of the WG LC process. The bug was created prior to the WG LC.

---

HZ is an exceptionally dangerous encoding, because its escape sequence consists of printable ASCII characters. See https://www.w3.org/Bugs/Public/show_bug.cgi?id=20886#c3 .

In Firefox 28, I constrained the inheritance of HZ, removed it from the UI so that it can't be chosen manually and added telemetry for counting sessions in which the HZ decoder has been instantiated.

Sessions in which the HZ decoder has been instantiated are very rare: such a session occurs less often than once in a million sessions. http://telemetry.mozilla.org/#release/28/DECODER_INSTANTIATED_HZ/saved_session/Firefox

This suggests that the utility of HZ is so small that it should be regarded mainly as an XSS attack vector and be mapped the replacement encoding.

I'd be interested in hearing the perspective of developers of other browsers, Chrome especially, since Chrome has resisted the addition of useless or merely marginally useful encodings.
Related Actions Items:
No related actions
Related emails:
  1. I18N-ISSUE-381 (BUG25339): [survey needed] Make hz-gb-2312 a label of the replacement encoding [encoding] (from sysbot+tracker@w3.org on 2014-07-10)

Related notes:

These issues are now tracked at http://www.w3.org/International/docs/encoding/encoding-cr-doc

Richard Ishida, 16 Sep 2015, 11:59:12

Changelog:

Created issue '[survey needed] Make hz-gb-2312 a label of the replacement encoding' nickname BUG25339 owned by Addison Phillips on product encoding, description 'https://www.w3.org/Bugs/Public/show_bug.cgi?id=25339

This issue tracks the bug listed above and was created as part of the WG LC process. The bug was created prior to the WG LC.

---

HZ is an exceptionally dangerous encoding, because its escape sequence consists of printable ASCII characters. See https://www.w3.org/Bugs/Public/show_bug.cgi?id=20886#c3 .

In Firefox 28, I constrained the inheritance of HZ, removed it from the UI so that it can't be chosen manually and added telemetry for counting sessions in which the HZ decoder has been instantiated.

Sessions in which the HZ decoder has been instantiated are very rare: such a session occurs less often than once in a million sessions. http://telemetry.mozilla.org/#release/28/DECODER_INSTANTIATED_HZ/saved_session/Firefox

This suggests that the utility of HZ is so small that it should be regarded mainly as an XSS attack vector and be mapped the replacement encoding.

I'd be interested in hearing the perspective of developers of other browsers, Chrome especially, since Chrome has resisted the addition of useless or merely marginally useful encodings.' non-public

Addison Phillips, 10 Jul 2014, 04:18:33

nickname changed to ''

Richard Ishida, 16 Sep 2015, 11:59:12

Status changed to 'closed'

Richard Ishida, 16 Sep 2015, 11:59:12


Addison Phillips <addison@amazon.com>, Chair, Richard Ishida <ishida@w3.org>, Bert Bos <bert@w3.org>, Fuqiao Xue <xfq@w3.org>, Atsushi Shimono <atsushi@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.326 2018/10/13 17:29:51 vivien Exp $