Firefox和UTF-16编码 [英] Firefox and UTF-16 encoding

问题描述

我正在使用UTF-16编码的网站。这意味着每个文件（html，jsp）都以UTF-18编码，我设置在每个HTML页面的头部：

I'm building a website with the encoding UTF-16. It means that every files (html,jsp) is encoded in UTF-18 and I set in the head of every HTML page :

<meta http-equiv="content-type" content="text/html; charset=UTF-16">

我的索引页由Chrom和IE正确显示。但是，firefox不会渲染索引。它显示2个奇怪的字符和完整的索引页面代码：

My index page is correctly displayed by Chrom and IE. However, firefox doesn't render the index. It displays 2 strange characters and the full index page code :

��<!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-16"> ...

你知道原因吗？它应该是一个编码的问题，但我不知道它在哪里...

Do you know the reason? It should be a problem of encoding, but I don't know where it's located...

谢谢

推荐答案

（披露：我是负责Firefox中相关代码的开发人员。）

(Disclosure: I’m the developer responsible for the relevant code in Firefox.)

我正在使用UTF-16编码网站。

I'm building a website with the encoding UTF-16.

请不要。简单的规则是：

Please don’t. The short rules are:

1. 不要使用UTF-16进行互换。


2. 始终使用UTF- 8用于交换。


3. 如果你违反规则1& 2，仍然使用UTF-16，至少使用BOM（正确的一个）。


4. 但是，严格来说，不要违反规则1和2。

1. Never use UTF-16 for interchange.
2. Always use UTF-8 for interchange.
3. If you break rules 1 & 2 and still use UTF-16, at least use the BOM (the right one).
4. But seriously, don’t break rules 1 and 2.

如果您的网页上包含用户提供的内容，则使用UTF-16意味着您的网站至少在旧版浏览器中容易遭受社交设计的XSS。尝试此演示旧版本Firefox（20或更早版本）或基于Presto的Opera版本。

If you include user-provided content on your pages, using UTF-16 means that your site is vulnerable to socially engineered XSS at least in older browsers. Try this demo in an old version of Firefox (version 20 or older) or in a Presto-based version of Opera.

为避免此漏洞，请使用UTF-8。

To avoid the vulnerability, use UTF-8.

这意味着每个文件（html，jsp）以UTF-18编码

It means that every files (html,jsp) is encoded in UTF-18

呃哦： - ）

Uh oh. :-)

我设置在每个HTML页面的头部：
< meta http -equiv =content-typecontent =text / html; charset = UTF-16>

只有当使用的编码将元标记的字节映射到相同的ASCII字节时，元标记才能用作内部编码声明。对于UTF-16而言并非如此。

A meta tag works as an internal encoding declaration only when the encoding being used maps the bytes of the meta tag to the same bytes ASCII would. That’s not the case for UTF-16.

你知道原因吗？

Do you know the reason?

在十六进制编辑器中没有完整的响应头和原始响应体。如上所述，一般解决方案是始终使用UTF-8，并且绝对不要通过HTTP使用UTF-16。

Not without full response headers and the original response body in a hex editor. The general solution, as noted above, is to use always UTF-8 and never to use UTF-16 over HTTP.

如果您的内容使用UTF-16比UTF-8更紧凑的语言，则需要两件事：

If your content is in a language for which UTF-16 is more compact than UTF-8, two things:

1. 页面上的所有HTML，JS和CSS在UTF-8中更加紧凑。


2. gzip使差异消失。
   

1. All the HTML, JS and CSS on the page is more compact in UTF-8.
2. gzip makes the difference go away.

这篇关于Firefox和UTF-16编码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！