UTF-8: Difference between revisions
Incnis Mrsi (talk | contribs) →Advantages and disadvantages: reverting user:BIL's addition (may be true, but irrelevant to the U+0800+ problem); commented out erroneous arithmetics on 3- and 4-byte sequences, see talk:UTF-8#Three- and four-byte sequences |
|||
Line 539: | Line 539: | ||
* UTF-8 is the only encoding for XML entities that does not require a BOM or an indication of the encoding.<ref>[http://www.w3.org/TR/REC-xml/#charencoding W3.org]</ref> |
* UTF-8 is the only encoding for XML entities that does not require a BOM or an indication of the encoding.<ref>[http://www.w3.org/TR/REC-xml/#charencoding W3.org]</ref> |
||
* UTF-8 and UTF-16 are the standard encodings for Unicode text in HTML documents, with UTF-8 as the preferred and most used encoding. |
* UTF-8 and UTF-16 are the standard encodings for Unicode text in HTML documents, with UTF-8 as the preferred and most used encoding. |
||
* UTF-8 strings can be fairly reliably recognized as such by a simple [[heuristic algorithm]].<ref>[http://www.w3.org/International/questions/qa-forms-utf-8 W3 FAQ: Multilingual Forms]: a Perl regular expression to validate a UTF-8 string)</ref> The |
* UTF-8 strings can be fairly reliably recognized as such by a simple [[heuristic algorithm]].<ref>[http://www.w3.org/International/questions/qa-forms-utf-8 W3 FAQ: Multilingual Forms]: a Perl regular expression to validate a UTF-8 string)</ref> The probability of a random string of bytes which is not pure ASCII being valid UTF-8<!-- that is correct. past versions had incorrect use of probability and logical connectives. --> is 3.9% for a two-byte sequence,<ref>There are {{math|256 × 256 − 128 × 128}} not-pure-ASCII two-byte sequences, and of those, only 1920 encode valid UTF-8 characters (the range U+0080 to U+07FF), so the proportion of valid not-pure-ASCII two-byte sequences is 3.9%.<!-- Similarly, there are 256 × 256 × 256 − 128 × 128 × 128 not-pure-ASCII three-byte sequences, and 61,406 valid three-byte UTF-8 sequences (U+000800 to U+00FFFF minus surrogate pairs and non-characters), so the proportion is 0.41%; finally, there are 256<sup>4</sup> − 128<sup>4</sup> non-ASCII four-byte sequences, and 1,048,544 valid four-byte UTF-8 sequences (U+010000 to U+10FFFF minus non-characters), so the proportion is 0.026%.--> Note that this assumes that control characters pass as ASCII; without the control characters, the percentage proportions drop somewhat).</ref> and decreases exponentially for longer sequences. [[ISO/IEC 8859-1]] is even less likely to be mis-recognized as UTF-8: the ''only'' non-ASCII characters in it would have to be in sequences starting with either an accented letter or the multiplication symbol and ending with a symbol. This is an advantage that most other encodings do not have, causing errors ([[mojibake]]) if the receiving application isn't told and can't guess the correct encoding. Even word-based UTF-16 can be mistaken for byte encodings (like in the "[[bush hid the facts]]" bug). |
||
* [[lexicographical order|Sorting]] of UTF-8 strings as arrays of unsigned bytes will produce the same results as sorting them based on Unicode code points. |
* [[lexicographical order|Sorting]] of UTF-8 strings as arrays of unsigned bytes will produce the same results as sorting them based on Unicode code points. |
||
* Other byte-based encodings can pass through the same API. This means, however, that the encoding must be identified. Because the other encodings are unlikely to be valid UTF-8, a reliable way to implement this is to assume UTF-8 and switch to a legacy encoding only if several invalid UTF-8 byte sequences are encountered. |
* Other byte-based encodings can pass through the same API. This means, however, that the encoding must be identified. Because the other encodings are unlikely to be valid UTF-8, a reliable way to implement this is to assume UTF-8 and switch to a legacy encoding only if several invalid UTF-8 byte sequences are encountered. |
||
Line 552: | Line 552: | ||
==== Disadvantages ==== |
==== Disadvantages ==== |
||
* UTF-8 encoded text is larger than the appropriate single-byte encoding except for plain ASCII characters. In the case of languages which used 8-bit character sets with non-Latin alphabets encoded in the upper half (such as most [[Cyrillic script|Cyrillic]] and [[Greek alphabet]] code pages), letters in UTF-8 will be double the size. For some languages such as [[Thai language|Thai]] and [[Hindi]]'s [[Devanagari]], letters will be triple the size (this has caused objections in India and other countries) |
* UTF-8 encoded text is larger than the appropriate single-byte encoding except for plain ASCII characters. In the case of languages which used 8-bit character sets with non-Latin alphabets encoded in the upper half (such as most [[Cyrillic script|Cyrillic]] and [[Greek alphabet]] code pages), letters in UTF-8 will be double the size. For some languages such as [[Thai language|Thai]] and [[Hindi]]'s [[Devanagari]], letters will be triple the size (this has caused objections in India and other countries). |
||
* It is possible in UTF-8 (or any other multi-byte encoding) to split or [[Data truncation|truncate]] a string in the middle of a character, which may result in an invalid string. This will not happen in correct handling of UTF-8. |
* It is possible in UTF-8 (or any other multi-byte encoding) to split or [[Data truncation|truncate]] a string in the middle of a character, which may result in an invalid string. This will not happen in correct handling of UTF-8. |
||
* If the code points are all the same size, measurements of a fixed number of them is easy. Due to ASCII-era documentation where "character" is used as a synonym for "byte" this is often considered important. However, by measuring string positions using bytes instead of "characters" most algorithms can be easily and efficiently adapted for UTF-8{{Citation needed|date=December 2009}}. |
* If the code points are all the same size, measurements of a fixed number of them is easy. Due to ASCII-era documentation where "character" is used as a synonym for "byte" this is often considered important. However, by measuring string positions using bytes instead of "characters" most algorithms can be easily and efficiently adapted for UTF-8{{Citation needed|date=December 2009}}. |
Revision as of 10:31, 7 February 2012
UTF-8 (UCS Transformation Format—8-bit[1]) is a variable-width encoding that can represent every character in the Unicode character set. It was designed for backward compatibility with ASCII and to avoid the complications of endianness and byte order marks in UTF-16 and UTF-32.
UTF-8 has become the dominant character encoding for the World-Wide Web, accounting for more than half of all Web pages.[2][3][4] The Internet Engineering Task Force (IETF) requires all Internet protocols to identify the encoding used for character data, and the supported character encodings must include UTF-8.[5] The Internet Mail Consortium (IMC) recommends that all e-mail programs be able to display and create mail using UTF-8.[6] UTF-8 is also increasingly being used as the default character encoding in operating systems, programming languages, APIs, and software applications.[citation needed]
UTF-8 encodes each of the 1,112,064[7] code points in the Unicode character set using one to four 8-bit bytes (termed "octets" in the Unicode Standard). Code points with lower numerical values (i. e., earlier code positions in the Unicode character set, which tend to occur more frequently in practice) are encoded using fewer bytes.[8] The first 128 characters of Unicode, which correspond one-to-one with ASCII, are encoded using a single octet with the same binary value as ASCII, making valid ASCII text valid UTF-8-encoded Unicode as well.
The official IANA code for the UTF-8 character encoding is UTF-8
.[9]
History
By early 1992 the search was on for a good byte-stream encoding of multi-byte character sets. The draft ISO 10646 standard contained a non-required annex called UTF-1 that provided a byte-stream encoding of its 32-bit code points. This encoding was not satisfactory on performance grounds, but did introduce the notion that bytes in the ASCII range of 0–127 represent themselves in UTF, thereby providing backward compatibility.
In July 1992, the X/Open committee XoJIG was looking for a better encoding. Dave Prosser of Unix System Laboratories submitted a proposal for one that had faster implementation characteristics and introduced the improvement that 7-bit ASCII characters would only represent themselves; all multibyte sequences would include only bytes where the high bit was set.
In August 1992, this proposal was circulated by an IBM X/Open representative to interested parties. Ken Thompson of the Plan 9 operating system group at Bell Labs then made a crucial modification to the encoding to allow it to be self-synchronizing, meaning that it was not necessary to read from the beginning of the string to find code point boundaries. Thompson's design was outlined on September 2, 1992, on a placemat in a New Jersey diner with Rob Pike. The following days, Pike and Thompson implemented it and updated Plan 9 to use it throughout, and then communicated their success back to X/Open.[10]
UTF-8 was first officially presented at the USENIX conference in San Diego, from January 25–29, 1993.
In November 2003 UTF-8 was restricted by RFC 3629 to four bytes in order to match the constraints of the UTF-16 character encoding.
Description
The design of UTF‑8 is most easily seen in the table of the scheme as originally proposed by Dave Prosser and subsequently modified by Ken Thompson:
Bits | Last code point | Byte 1 | Byte 2 | Byte 3 | Byte 4 | Byte 5 | Byte 6 |
---|---|---|---|---|---|---|---|
7 | U+007F | 0xxxxxxx | |||||
11 | U+07FF | 110xxxxx | 10xxxxxx | ||||
16 | U+FFFF | 1110xxxx | 10xxxxxx | 10xxxxxx | |||
21 | U+1FFFFF | 11110xxx | 10xxxxxx | 10xxxxxx | 10xxxxxx | ||
26 | U+3FFFFFF | 111110xx | 10xxxxxx | 10xxxxxx | 10xxxxxx | 10xxxxxx | |
31 | U+7FFFFFFF | 1111110x | 10xxxxxx | 10xxxxxx | 10xxxxxx | 10xxxxxx | 10xxxxxx |
The salient features of the above scheme are as follows:
- The bytes equal to ASCII characters represent those characters and are used for that purpose only.
- The first byte indicates the length of a sequence, without having to examine the continuation bytes
- Single bytes, first bytes, and continuation bytes do not share values. This makes the scheme "self synchronizing", allowing searching to work without having to find character boundaries, and allowing the start of a character to be found by backing up at most five bytes (three bytes in actual UTF‑8 as explained below).
- The scheme could be extended beyond 6-byte sequences and the lead bytes FE and FF are available for this.
The first 128 characters (US-ASCII) need one byte. The next 1,920 characters need two bytes to encode. This includes Latin letters with diacritics and characters from the Greek, Cyrillic, Coptic, Armenian, Hebrew, Arabic, Syriac and Tāna alphabets. Three bytes are needed for the rest of the Basic Multilingual Plane (which contains virtually all characters in common use). Four bytes are needed for characters in the other planes of Unicode, which include less common CJK characters and various historic scripts and mathematical symbols.
The original specification covered numbers up to 31 bits (the original limit of the Universal Character Set). In November 2003 UTF-8 was restricted by RFC 3629 to end at U+10FFFF
, in order to match the constraints of the UTF-16 character encoding. This removed the 5 and 6-byte sequences, and about ½ the 4-byte sequences.
Examples
Character | Binary code point | Binary UTF-8 | Hexadecimal UTF-8 | |
---|---|---|---|---|
$ | U+0024
|
00100100
|
00100100
|
24
|
¢ | U+00A2
|
00000000 10100010
|
11000010 10100010
|
C2 A2
|
€ | U+20AC
|
00100000 10101100
|
11100010 10000010 10101100
|
E2 82 AC
|
𤭢 | U+24B62
|
00000010 01001011 01100010
|
11110000 10100100 10101101 10100010
|
F0 A4 AD A2
|
Codepage layout
Legend: Yellow cells are control characters, blue cells are punctuation, purple cells are digits and green cells are ASCII letters.
Orange cells with a large dot are continuation bytes. The hexadecimal number shown after a "+" plus sign is the value of the 6 bits they add.
White cells containing a large single-digit number are the start bytes for a sequence of that many bytes. The unbolded hexadecimal code point number shown in the cell is the lowest character value encoded using that start byte. When a start byte could form both overlong and valid encodings, the lowest non-overlong-encoded codepoint is shown, marked by an asterisk "*".
Red cells must never appear in a valid UTF-8 sequence. The first two (C0 and C1) could only be used for overlong encoding of basic ASCII characters. The remaining red cells indicate start bytes of sequences that could only encode numbers larger than the 0x10FFFF limit of Unicode. The byte 244 (hex 0xF4) could also encode some values greater than 0x10FFFF; such a sequence is also invalid.
Invalid byte sequences
Not all sequences of bytes are valid UTF-8. A UTF-8 decoder should be prepared for:
- the red invalid bytes in the above table
- an unexpected continuation byte
- a start byte not followed by enough continuation bytes
- a sequence that decodes to a value that should use a shorter sequence (an "overlong form").
- A 4-byte sequence (starting with F4) that decodes to a value greater than U+10FFFF
Many earlier decoders would happily try to decode these. Carefully crafted invalid UTF-8 could make them either skip or create ASCII characters such as NUL, slash, or quotes. Invalid UTF-8 has been used to bypass security validations in high profile products including Microsoft's IIS web server[11] and Apache's Tomcat servlet container.[12]
RFC 3629 states "Implementations of the decoding algorithm MUST protect against decoding invalid sequences."[13] The Unicode Standard requires decoders to "...treat any ill-formed code unit sequence as an error condition. This guarantees that it will neither interpret nor emit an ill-formed code unit sequence."
Many UTF-8 decoders throw exceptions on encountering errors,[14] since such errors suggest the input is not a UTF-8 string at all. This can turn what would otherwise be harmless errors (producing a message such as "no such file") into a denial of service bug. For instance Python 3.0 would exit immediately if the command line contained invalid UTF-8,[15] so it was impossible to write a Python program that could handle such input.
An increasingly popular option is to detect errors with a separate API, and for converters to translate the first byte to a replacement and continue parsing with the next byte. Popular replacements are:
- The replacement character "�" (U+FFFD)
- The invalid Unicode code points U+DC80..U+DCFF where the low 8 bits are the byte's value.
- Interpret the bytes according to ISO-8859-1 or CP1252.
Replacing errors is "lossy": more than one UTF-8 string converts to the same Unicode result. Therefore the original UTF-8 should be stored, and translation should only be used when displaying the text to the user.
Invalid code points
According to the Unicode standard[which?] the high and low surrogate halves used by UTF-16 (U+D800 through U+DFFF) are not legal Unicode values, and the UTF-8 encoding of them is an invalid byte sequence and thus should be treated as described above.[citation needed]
Whether an actual application should do this with surrogate halves is debatable.[who?] Allowing them allows lossless storage of invalid UTF-16, and allows CESU encoding (described below) to be decoded. There are other code points that are far more important to detect and reject, such as the reversed-BOM U+FFFE, or the C1 controls, caused by improper conversion of CP1252 text or double-encoding of UTF-8. These are invalid in HTML.
Official name and variants
The official name is "UTF-8". All letters are upper-case, and the name is hyphenated. This spelling is used in all the documents relating to the encoding.
Alternatively, the name "utf-8" may be used by all standards conforming to the Internet Assigned Numbers Authority (IANA) list (which include CSS, HTML, XML, and HTTP headers),[16] as the declaration is case insensitive.[17]
Other descriptions that omit the hyphen or replace it with a space, such as "utf8" or "UTF 8", are not accepted as correct by the governing standards.[18] Despite this, most agents such as browsers can understand them, and so standards intended to describe existing practice (such as HTML5) may effectively require their recognition.
MySQL omits the hyphen in the following query:
SET NAMES 'utf8'
Derivatives
The following implementations show slight differences from the UTF-8 specification. They are incompatible with the UTF-8 specification.
CESU-8
Many pieces of software added UTF-8 conversions for UCS-2 data and did not alter their UTF-8 conversion when UCS-2 was replaced with the surrogate-pair supporting UTF-16. The result is that each half of a UTF-16 surrogate pair is encoded as its own 3-byte UTF-8 encoding, resulting in 6-byte sequences rather than 4 for characters outside the Basic Multilingual Plane. Oracle databases use this, as well as Java and Tcl as described below, and probably a great deal of other Windows software where the programmers were unaware of the complexities of UTF-16. Although most usage is by accident, a supposed benefit is that this preserves UTF-16 binary sorting order when CESU-8 is binary sorted.
Modified UTF-8
In Modified UTF-8,[19] the null character (U+0000) is encoded as 0xC0,0x80; this is not valid UTF-8[20] because it is not the shortest possible representation. Modified UTF-8 strings never contain any actual null bytes but can contain all Unicode code points including U+0000,[21] which allows such strings (with a null byte appended) to be processed by traditional null-terminated string functions.
All known Modified UTF-8 implementations also treat the surrogate pairs as in CESU-8.
In normal usage, the Java programming language supports standard UTF-8 when reading and writing strings through InputStreamReader
and OutputStreamWriter
. However it uses Modified UTF-8 for object serialization,[22] for the Java Native Interface,[23] and for embedding constant strings in class files.[24] Tcl also uses the same modified UTF-8[25] as Java for internal representation of Unicode data, but uses strict CESU-8 for external data.
Byte order mark
Many Windows programs (including Windows Notepad) add the bytes 0xEF, 0xBB, 0xBF at the start of any document saved as UTF-8. This is the UTF-8 encoding of the Unicode byte order mark (BOM), and is commonly referred to as a UTF-8 BOM, even though it is not relevant to byte order. The BOM can also appear if another encoding with a BOM is translated to UTF-8 without stripping it. Older text editors may display the BOM as "" at the start of the document.
The Unicode standard recommends against the BOM for UTF-8.[26] The presence of the UTF-8 BOM may cause interoperability problems with existing software that could otherwise handle UTF-8; for example:
- Programming language parsers not explicitly designed for UTF-8 can often handle UTF-8 in string constants and comments, but cannot parse the BOM at the start of the file.
- Programs that identify file types by leading characters may fail to identify the file if a BOM is present even if the user of the file could skip the BOM. An example is the Unix shebang syntax. Another example is Internet Explorer which will render pages in standards mode only when it starts with a document type declaration.
If compatibility with existing programs is not important, the BOM could be used to identify UTF-8 encoding. Because checking if text is valid UTF-8 is very reliable (the majority of random byte sequences are not valid UTF-8) such use should not be necessary. Programs that insert information at the start of a file will break this identification (one example is offline browsers that add the originating URL to the start of the file).
In Japan especially, "UTF-8 encoding without BOM" is sometimes called "UTF-8N".[citation needed]
Advantages and disadvantages
This section needs additional citations for verification. (October 2009) |
General
Advantages
- The ASCII characters are represented by themselves as single bytes that do not appear anywhere else, which makes UTF-8 work with the majority of existing APIs that take bytes strings but only treat a small number of ASCII codes specially. This removes the need to write a new Unicode version of every API, and makes it much easier to convert existing systems to UTF-8 than any other Unicode encoding.
- UTF-8 is the only encoding for XML entities that does not require a BOM or an indication of the encoding.[27]
- UTF-8 and UTF-16 are the standard encodings for Unicode text in HTML documents, with UTF-8 as the preferred and most used encoding.
- UTF-8 strings can be fairly reliably recognized as such by a simple heuristic algorithm.[28] The probability of a random string of bytes which is not pure ASCII being valid UTF-8 is 3.9% for a two-byte sequence,[29] and decreases exponentially for longer sequences. ISO/IEC 8859-1 is even less likely to be mis-recognized as UTF-8: the only non-ASCII characters in it would have to be in sequences starting with either an accented letter or the multiplication symbol and ending with a symbol. This is an advantage that most other encodings do not have, causing errors (mojibake) if the receiving application isn't told and can't guess the correct encoding. Even word-based UTF-16 can be mistaken for byte encodings (like in the "bush hid the facts" bug).
- Sorting of UTF-8 strings as arrays of unsigned bytes will produce the same results as sorting them based on Unicode code points.
- Other byte-based encodings can pass through the same API. This means, however, that the encoding must be identified. Because the other encodings are unlikely to be valid UTF-8, a reliable way to implement this is to assume UTF-8 and switch to a legacy encoding only if several invalid UTF-8 byte sequences are encountered.
Disadvantages
- A UTF-8 parser that is not compliant with current versions of the standard might accept a number of different pseudo-UTF-8 representations and convert them to the same Unicode output. This provides a way for information to leak past validation routines designed to process data in its eight-bit representation.[30]
Compared to single-byte encodings
Advantages
- UTF-8 can encode any Unicode character, avoiding the need to figure out and set a "code page" or otherwise indicate what character set is in use, and allowing output in multiple languages at the same time. For many languages there has been more than one single-byte encoding in usage, so even knowing the language was insufficient information to display it correctly.
- The bytes 0xfe and 0xff do not appear, so a valid UTF-8 stream never matches the UTF-16 byte order mark and thus cannot be confused with it. The absence of 0xFF (\377) also eliminates the need to escape this byte in Telnet (and FTP control connection).
Disadvantages
- UTF-8 encoded text is larger than the appropriate single-byte encoding except for plain ASCII characters. In the case of languages which used 8-bit character sets with non-Latin alphabets encoded in the upper half (such as most Cyrillic and Greek alphabet code pages), letters in UTF-8 will be double the size. For some languages such as Thai and Hindi's Devanagari, letters will be triple the size (this has caused objections in India and other countries).
- It is possible in UTF-8 (or any other multi-byte encoding) to split or truncate a string in the middle of a character, which may result in an invalid string. This will not happen in correct handling of UTF-8.
- If the code points are all the same size, measurements of a fixed number of them is easy. Due to ASCII-era documentation where "character" is used as a synonym for "byte" this is often considered important. However, by measuring string positions using bytes instead of "characters" most algorithms can be easily and efficiently adapted for UTF-8[citation needed].
Compared to other multi-byte encodings
Advantages
- UTF-8 uses the codes 0–127 only for the ASCII characters. This means that UTF-8 is an ASCII extension and can with limited change be supported by software that supports an ASCII extension and handles non-ASCII characters as free text.
- UTF-8 can encode any Unicode character. Files in different languages can be displayed correctly without having to choose the correct code page or font. For instance Chinese and Arabic can be supported (in the same text) without special codes inserted or manual settings to switch the encoding.
- UTF-8 is "self-synchronizing": character boundaries are easily found when searching either forwards or backwards. If bytes are lost due to error or corruption, one can always locate the beginning of the next character and thus limit the damage. Many multi-byte encodings are much harder to resynchronize.
- Any byte oriented string searching algorithm can be used with UTF-8 data, since the sequence of bytes for a character cannot occur anywhere else. Some older variable-length encodings (such as Shift JIS) did not have this property and thus made string-matching algorithms rather complicated. In Shift-JIS the end byte of a character and the first byte of the next character could look like another legal character, something that can't happen in UTF-8.
- Efficient to encode using simple bit operations. UTF-8 does not require slower mathematical operations such as multiplication or division (unlike the obsolete UTF-1 encoding).
Disadvantages
- For certain languages UTF-8 will take more space than an older multi-byte encoding. East Asian scripts generally have two bytes per character in their multi-byte encodings yet take three bytes per character in UTF-8.
Compared to UTF-16
Advantages
- A text byte stream cannot be losslessly converted to UTF-16, due to the possible presence of errors in the byte stream encoding. This causes unexpected and often severe problems attempting to use existing data in a system that uses UTF-16 as an internal encoding. Results are security bugs, DoS if bad encoding throws an exception, and data loss when different byte streams convert to the same UTF-16. Due to the ASCII compatibility and high degree of pattern recognition in UTF-8, random byte streams can be passed losslessly through a system using it, as interpretation can be deferred until display.
- Converting to UTF-16 while maintaining compatibility with existing programs (such as was done with Windows) requires every API and data structure that takes a string to be duplicated. Invalid encodings make the duplicated APIs not exactly map to each other, often making it impossible to do some action with one of them.
- Characters outside the basic multilingual plane are not a special case. UTF-16 is often mistaken to be the obsolete constant-length UCS-2 encoding, leading to code that works for most text but suddenly fails for non-BMP characters.[31]
- Text encoded in UTF-8 is often smaller than (or the same size as) the same text encoded in UTF-16.
- This is always true for text using only code points below U+0800 (which includes all modern European languages), as each code point's UTF-8 encoding is one or two bytes then.
- Even if text contains code points between U+0800 and U+FFFF, it might contain so many code points below U+0080 (which UTF-8 encodes in one byte) that the UTF-8 encoding is still smaller. As HTML markup and line terminators are code points below U+0080, most HTML source is smaller if encoded in UTF-8 even for Asian scripts.
- Non-BMP characters (U+10000 and above) are encoded in UTF-8 in four bytes, the same size as in UTF-16.
- Most communication and storage was designed for a stream of bytes. A UTF-16 string must use a pair of bytes for each code unit:
- The order of those two bytes becomes an issue and must be specified in the UTF-16 protocol, such as with a byte order mark.
- If an odd number of bytes is missing from UTF-16, the whole rest of the string will be meaningless text. Any bytes missing from UTF-8 will still allow the text to be recovered accurately starting with the next character after the missing bytes. If any partial character is removed the corruption is always recognizable.
Disadvantages
- A simplistic parser for UTF-16 is unlikely to convert invalid sequences to ASCII.[citation needed] Since the dangerous characters in most situations are ASCII, a simplistic UTF-16 parser is much less dangerous than a simplistic UTF-8 parser.
- Characters U+0800 through U+FFFF use three bytes in UTF-8, but only two in UTF-16. As a result, text in (for example) Chinese, Japanese or Hindi could take more space in UTF-8 if there are more of these characters than there are ASCII characters. This happens for pure text,[32] but rarely for HTML documents. For example, both the Japanese UTF-8 and the Hindi Unicode articles on Wikipedia take more space in UTF-16 than in UTF-8 .[33]
- In UCS-2 (but not UTF-16) Unicode code points are all the same size, making measurements of a fixed number of them easy. Due to ASCII-era documentation where "character" is used as a synonym for "byte", this is often considered important. Most UTF-16 implementations, including Windows, measure non-BMP characters as 2 units in UTF-16, as this is the only practical way to handle the strings. A similar variability in character size applies to UTF-8.
See also
- Alt code
- Character encodings in HTML
- Comparison of e-mail clients#Features
- Comparison of Unicode encodings
- GB 18030
- Iconv—a standardized API used to convert between different character encodings
- ISO/IEC 8859
- Specials (Unicode block)
- Unicode and e-mail
- Unicode and HTML
- Universal Character Set
- UTF-8 in URIs
- UTF-9 and UTF-18
- UTF-16/UCS-2
References
- ^ The Unicode Consortium. "Chapter 2. General Structure". The Unicode Standard (6.0 ed.). Mountain View, California, USA: The Unicode Consortium. ISBN 978-1-936213-01-6.
{{cite book}}
: Check|authorlink=
value (help); External link in
(help). RFC 3629 also refers to UTF-8 as "UCS transformation format". Also commonly known as "Unicode Transformation Format".|authorlink=
- ^ Mark Davis (28 January 2010). "Unicode nearing 50% of the web". Official Google Blog. Google. Retrieved 5 December 2010.
- ^ "UTF-8 Usage Statistics". BuiltWith. Retrieved 2011-03-28.
- ^ "Usage of character encodings for websites". W3Techs. Retrieved 2010-03-30.
- ^ Alvestrand, H. (1998). "RFC 2277" (Document). Internet Engineering Task Force.
{{cite document}}
: Unknown parameter|contribution=
ignored (help) - ^ "Using International Characters in Internet Mail". Internet Mail Consortium. August 1, 1998. Retrieved 2007-11-08.
- ^ Not all of the 1,112,064 possible code points have been assigned characters; many are reserved for future use, and some are reserved for private use, while still others are specified as permanently undefined.
- ^ More precisely, the number of bytes used to encode a character at a given code point is a monotonically increasing function of the numerical value of the code point.
- ^ Internet Assigned Numbers Authority (4 November 2010). "CHARACTER SETS". IANA. Retrieved 5 December 2010.
- ^ Pike, Rob (2003-04-03). "UTF-8 history".
- ^ Marin, Marvin (2000-10-17). "Web Server Folder Traversal MS00-078".
- ^ "National Vulnerability Database - Summary for CVE-2008-2938".
- ^ Yergeau, F. (2003). "RFC 3629" (Document). Internet Engineering Task Force.
{{cite document}}
: Unknown parameter|contribution=
ignored (help) - ^ Examples: UTF8 (Java Class Library API) or java.nio.charset.CharsetDecoder.decode
- ^ "Non-decodable Bytes in System Character Interfaces".
- ^ W3C: Setting the HTTP charset parameter notes that the IANA list is used for HTTP
- ^ Internet Assigned Numbers Authority Character Sets
- ^ RFC 3629 UTF-8 see chapter 8. MIME registration, first paragraph
- ^ "Java SE 6 documentation for Interface java.io.DataInput, subsection on Modified UTF-8". Sun Microsystems. 2008. Retrieved 2009-05-22.
- ^ "[...] the overlong UTF-8 sequence C0 80 [...]", "[...] the illegal two-octet sequence C0 80 [...]""Request for Comments 3629: "UTF-8, a transformation format of ISO 10646"". 2003. Retrieved 2009-05-22.
- ^ "[...] Java virtual machine UTF-8 strings never have embedded nulls.""The Java Virtual Machine Specification, 2nd Edition, section 4.4.7: "The CONSTANT_Utf8_info Structure"". Sun Microsystems. 1999. Retrieved 2009-05-24.
- ^ "[...] encoded in modified UTF-8.""Java Object Serialization Specification, chapter 6: Object Serialization Stream Protocol, section 2: Stream Elements". Sun Microsystems. 2005. Retrieved 2009-05-22.
- ^ "The JNI uses modified UTF-8 strings to represent various string types.""Java Native Interface Specification, chapter 3: JNI Types and Data Structures, section: Modified UTF-8 Strings". Sun Microsystems. 2003. Retrieved 2009-05-22.
- ^ "[...] differences between this format and the "standard" UTF-8 format.""The Java Virtual Machine Specification, 2nd Edition, section 4.4.7: "The CONSTANT_Utf8_info Structure"". Sun Microsystems. 1999. Retrieved 2009-05-23.
- ^ "In orthodox UTF-8, a NUL byte(\x00) is represented by a NUL byte. [...] But [...] we [...] want NUL bytes inside [...] strings [...]""Tcler's Wiki: UTF-8 bit by bit (Revision 6)". 2009-04-25. Retrieved 2009-05-22.
- ^ The Unicode Standard - Chapter 2, see chapter 2.6 page 30 bottom
- ^ W3.org
- ^ W3 FAQ: Multilingual Forms: a Perl regular expression to validate a UTF-8 string)
- ^ There are 256 × 256 − 128 × 128 not-pure-ASCII two-byte sequences, and of those, only 1920 encode valid UTF-8 characters (the range U+0080 to U+07FF), so the proportion of valid not-pure-ASCII two-byte sequences is 3.9%. Note that this assumes that control characters pass as ASCII; without the control characters, the percentage proportions drop somewhat).
- ^ Tools.ietf.org
- ^ "Should UTF-16 be considered harmful?". Stackoverflow.com. Retrieved 2010-09-13.
- ^ Although the difference may not be great: the 2010-11-22 version of hi:यूनिकोड (Unicode in Hindi), when the pure text was pasted to Notepad, generated 19 KB when saved as UTF-16 and 22 KB when saved as UTF-8.
- ^ The 2010-10-27 version of ja:UTF-8 generated 169 KB when converted with Notepad to UTF-16, and only 101 KB when converted back to UTF-8. The 2010-11-22 version of hi:यूनिकोड (Unicode in Hindi) required 119 KB in UTF-16 and 76 KB in UTF-8.
External links
There are several current definitions of UTF-8 in various standards documents:
- RFC 3629 / STD 63 (2003), which establishes UTF-8 as a standard Internet protocol element
- The Unicode Standard, Version 6.0, §3.9 D92, §3.10 D95 (2011)
- ISO/IEC 10646:2003 Annex D (2003)
They supersede the definitions given in the following obsolete works:
- ISO/IEC 10646-1:1993 Amendment 2 / Annex R (1996)
- The Unicode Standard, Version 5.0, §3.9 D92, §3.10 D95 (2007)
- The Unicode Standard, Version 4.0, §3.9–§3.10 (2003)
- The Unicode Standard, Version 2.0, Appendix A (1996)
- RFC 2044 (1996)
- RFC 2279 (1998)
- The Unicode Standard, Version 3.0, §2.3 (2000) plus Corrigendum #1 : UTF-8 Shortest Form (2000)
- Unicode Standard Annex #27: Unicode 3.1 (2001)
They are all the same in their general mechanics, with the main differences being on issues such as allowed range of code point values and safe handling of invalid input.
- Original UTF-8 paper (or pdf) for Plan 9 from Bell Labs
- RFC 5198 defines UTF-8 NFC for Network Interchange
- UTF-8 test pages by Andreas Prilop, Jost Gippert and the World Wide Web Consortium
- How to configure e-mail clients to send UTF-8 text
- Unix/Linux: UTF-8/Unicode FAQ, Linux Unicode HOWTO, UTF-8 and Gentoo
- The Unicode/UTF-8-character table displays UTF-8 in a variety of formats (with Unicode and HTML encoding information)
- Unicode and Multilingual Web Browsers from Alan Wood's Unicode Resources describes support and additional configuration of Unicode/UTF-8 in modern browsers
- JSP Wiki Browser Compatibility page details specific problems with UTF-8 in older browsers
- Mathematical Symbols in Unicode
- Graphical View of UTF-8 in ICU's Converter Explorer