On Thu, Oct 22, 2009 at 9:23 PM, Øistein E. Andersen <li...@coq.no> wrote: > On 22 Oct 2009, at 17:15, NARUSE, Yui wrote: > >> Finally, Why ISO 2022 series is discouraged is not clear. > > We agree on this point.
The string "숍訊昱穿" encoded as ISO-2022-KR is the bytes 0e 3c 73 63 72 69 70 74 3e. A UA that doesn't support ISO-2022-KR (e.g. Chrome, when I last checked) will decode it as Windows-1252 and get the string "<script>", which is bad. So a site that uses ISO-2022-KR is very likely to expose some users to XSS attacks, which seems like a good reason to discourage that encoding. The same applies to other ISO-2022 encodings. -- Philip Taylor exc...@gmail.com