> First you determine the content-type and then after that you may want to > determine the charset used within that content-type
That's wishful thinking that doesn't match what has to happen ... the mime-sniffing document ALREADY is looking at the charset, by looking for byte-order-mark signatures to decide whether the content is text or binary. So we're already doing charset detection, just not calling it that or completely specifying it. _______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec