Bjoern Hoehrmann schrieb:
* Julian Reschke wrote:
"The syntax for the user or password arguments depends on the scheme
being used. If the syntax for either is incorrect per the production
given in the relevant scheme user agents must throw a SYNTAX_ERR
exception. The user and password must be encoded using the encoding
specified by the scheme. If the scheme fails to specify an encoding they
must be encoded using UTF-8."
I think this has been mentioned before: does this reflect what today's
implementations do for basic and digest?
Could you be more specific? Firefox for example will mangle non-ascii
user names and passwords in strange and harmful ways, so strictly the
answer to your question is "no" but I don't see this as a problem.
Well, we have that problem with balancing between what would be the
right thing to do, and what the user agents actually implement. I do
agree that UTF-8 would be a good choice if the authentication scheme
spec is silent about it.
That being said: does the Firefox issue have an issue reported? And how
do IE and Opera behave?
Best regards, Julian
