← Back to release summary

Remove auto-detection of ISO-2022-JP charset in HTML

Category

Security

Type

Feature removal

Status

In development (Chrome In development)

Intent stage

None

Summary

There are known[1] security issues around charset auto-detection for ISO-2022-JP. Given that the usage is very low, and Safari does not support auto-detection of ISO-2022-JP, we will remove support for it to eliminate the security issues. [1]: https://www.sonarsource.com/blog/encoding-differentials-why-charset-matters/

Motivation

There are known[1] security issues around charset auto-detection for ISO-2022-JP. The use counter[2] shows that the auto-detection of ISO-2022-JP charset only happens around 0.000002% of page load. Given that usage is very low, and Safari does not support auto-detection of ISO-2022-JP, we will remove support for it to eliminate the security issues. [1]: https://www.sonarsource.com/blog/encoding-differentials-why-charset-matters/ [2]: https://chromestatus.com/metrics/feature/timeline/popularity/5244

Standards & signals

• Firefox: Positive
• Safari: Shipped/Shipping
• Web developers: No signals
• Tracking bug: https://issues.chromium.org/issues/40089450

View on chromestatus.com