Event 1058 - Codepage Sniffing
Applies To: Windows 7, Windows Vista
Windows® Internet Explorer® 8 prevents certain codepages from participating in its codepage-sniffing heuristic. Any pages that rely on this heuristic to be recognized as 7-bit Unicode Transformation Format (UTF-7) will no longer be detected. UTF-7 is a character encoding used to represent Unicode-encoded text using a stream of ASCII characters, which was proposed for use in Internet e-mail messages. The Simple Mail Transfer Protocol (SMTP) standard for transmitting e-mail messages does not allow byte values above the ASCII range. Therefore, UTF-7 must include some provision to encode these higher value characters. For example: <script>MyMethod()</script> Is encoded in UTF-7 as: +ADw-script+AD4-MyMethod()+ADw-/script+AD4- Where the left angle bracket is encoded as +ADw- and the right angle bracket is encoded as +AD4-.
If Internet Explorer is asked to render a page where the character set is not explicitly specified, it will use a set of heuristics to examine (or "sniff") the page and determine the encoding type. If the UTF-7 encoding-related characters are found early enough in the Web page, Internet Explorer may interpret the code as a potentially malicious script and escape the text so that any embedded script will be unable to run.
When Is This Event Logged?
This event is logged when Internet Explorer detects a page that is encoded by using the UTF-7 character set.
Note
For more information and examples, see the Event 1058-Codepage Sniffing topic from Internet Explorer Application Compatibility.
Remediation
The best way to avoid this issue is to always specify the encoding of your Web page. You can do so with a meta tag as in the following example: <meta http-equiv="Content-type" content="text/html; charset=utf-8"> You can also set a, HTTP header: Content-Type: text/html; charset=UTF-8
Codepage Sniffing and the Registry
This feature can be disabled by configuring the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UTF7_SNIFFING\iexplore.exe= 0x0000000 registry key:
What Happens If I Disable This Security Feature?
If you disable this security feature, you will be more prone to cross-site scripting (XSS) attacks. Disabling this feature should only be used as a temporary measure during troubleshooting, to compare the behavior of the application when the feature is enabled and when it is disabled. It is not recommended that this feature be left disabled on an ongoing basis.