> But, the notion that it is acceptable for a server to blithely assume > that any given user is incompetent is repugnant. I no more want > my server to generate incorrect protocols for my web pages than > I want my server to run a spell-checker on the contents. > > Fortunately, rather than Doug's server assuming incompetence, > it appears to be merely over-reacting to a mis-perceived > security threat.
Doug's server isn't assuming incompetence - Doug's server *is* incompetent. Indeed when a server does re-encode it isn't assuming incompetence either, it needs to trust the author on what encoding the source is in in order to re-encode successfully. The issue is with the browser trusting the server over the author. The browser doesn't share our knowledge of Doug's competence or of his server's incompetence and assumes the server is reasonably competent (any fall-back behaviour can only kick in if something proves that the server messed up). For an example of what happens when the browser doesn't trust the server try sending a HTML source as plain text to IE.
