On Sat, Dec 04, 2004 at 04:06:46AM +0900, Dan Kogai wrote:
> On Dec 02, 2004, at 23:25, Tim Bunce wrote:
> >On Wed, Dec 01, 2004 at 01:28:05PM -0800, Gisle Aas wrote:
> >>As you probably know perl's version of UTF-8 is not the real thing. I
> >>thought I would hack up a patch to support the encoding as defined by
> >>Unicode. That involves rejecting illegal chars (like surrogates,
> >>"\x{FFFF}" and "\x{FDD0}), chars above 0x10FFFF, overlong sequences
> >>and such.
> >
> >It's worth remembering that overlong sequences are a potential
> >security risk.
> >
> >>Before I do this I would like to get some feedback on the interface.
> >>My prefered interface would be to make:
> >>
> >> encode("UTF-8", $string)
> >>
> >>imply the official restricted form
> >
> >I think that would be best.
>
> But to what extent? Does it mean restricted, but unused codepoints
> (i.e. U+10F000) to be illegal? Does that mean we have to verify and if
> necessary, patch perl anytime Unicode.org updates Unicode?
>
> While I agree official UTF-8 be supported separately from "Perl" UTF-8,
Okay.
> I would like perl to be independent from unicode.org. Remember that
> perl community does not have a vote in unicode.org (or does it?).
> Making perl too compliant to the Unicode standard means that perl is at
> a mercy thereof.
Whoa. We agree official UTF-8 be supported separately from "Perl" UTF-8.
So there must be two names.
Then this thread boils down to what to call them.
> >>This implies that encode("UTF-8", $string) can start failing while
> >>previously it could not.
> >
> >Anyone working with valid UTF-8 would not get failures.
> >Anyone who thinks they're using valid UTF-8 but aren't should be
> >grateful!
> >Anyone not using valid UTF-8 (eg using it as a way to encode integers)
> >needs to be told in advance - but I doubt there are many and they're
> >likely to be cluefull users who read release notes :)
>
> There are many movements and implementations that "extends" Unicode by
> making use of codepoints beyond 0x10FFFF. Current perl can accept
> them; "Real", official unicode cannot.
Sure. I've used perl utf8 for packing large integers myself. That's
not the issue here. The issue is what to call the two encodings.
> >I'd say "UTF-8" should mean the official restricted form for perl 5.10.
>
> Perl is a language where "use strict" is not default. Why make its
> default encoding strict then? Perl should be liberal, not official.
I didn't actually say that perl's default encoding should be strict,
though I can see how it came across that way.
I'm only saying that the Unicode standard is called "UTF-8" and if
that's what a script explicitly asks for then that's what it should get.
> So my proposal is opposite; Leave "utf8" and "UTF-8" as it is now and
> define "UTF-8-official" or "UTF-8-pedantic" or whatever.
Security is for everyone, not just pedants. This is a bit dated but was
the best I could find http://www.izerv.net/idwg-public/archive/0181.html
> >The only remaining issues are then what to do for 5.8.7
> >and what to call the unrestricted encoding.
>
> I would like to keep calling that 'utf8'.
I've no problem with 'utf8' being perl's unrestricted uft8 encoding,
but "UTF-8" is the name of the standard and should give the
corresponding behaviour.
Tim.
