[css-syntax] Limit @charset to 1024 bytes, like <meta charset> in HTML.

Author: SimonSapin

css-syntax/Overview.html

@@ -54,7 +54,7 @@
 </p>
   <h1 class="p-name no-ref" id=title>CSS Syntax Module Level 3</h1>
   <h2 class="no-num no-toc no-ref heading settled heading" id=subtitle><span class=content>Editor’s Draft,
-    <span class=dt-updated><span class=value-title title=20140124>24 January 2014</span></span></span></h2>
+    <span class=dt-updated><span class=value-title title=20140127>27 January 2014</span></span></span></h2>
   <div data-fill-with=spec-metadata><dl><dt>This version:<dd><a class=u-url href=http://dev.w3.org/csswg/css-syntax/>http://dev.w3.org/csswg/css-syntax/</a><dt>Latest version:<dd><a href=http://www.w3.org/TR/css-syntax-3/>http://www.w3.org/TR/css-syntax-3/</a><dt>Editor’s Draft:<dd><a href=http://dev.w3.org/csswg/css-syntax/>http://dev.w3.org/csswg/css-syntax/</a><dt>Previous Versions:<dd><a href=http://www.w3.org/TR/2013/WD-css-syntax-3-20131105/ rel=previous>http://www.w3.org/TR/2013/WD-css-syntax-3-20131105/</a><dd><a href=http://www.w3.org/TR/2013/WD-css-syntax-3-20130919/ rel=previous>http://www.w3.org/TR/2013/WD-css-syntax-3-20130919/</a>
     <dt>Feedback:</dt>
         <dd><a href="mailto:www-style@w3.org?subject=%5Bcss-syntax%5D%20feedback">www-style@w3.org</a>
@@ -446,7 +446,8 @@ <h3 class="heading settled heading" data-level=3.2 id=input-byte-stream><span cl
 			use the return value as the fallback encoding.
 
 		<li>
-			Otherwise, check the byte stream. If the byte stream begins with the hex sequence
+			Otherwise, check the byte stream.
+			If the first 1024 bytes of the stream begin with the hex sequence
 
 <pre>40 63 68 61 72 73 65 74 20 22 XX* 22 3B</pre>
 <p>			where each <code>XX</code> byte is between 23<sub>16</sub> and 7E<sub>16</sub> inclusive,
@@ -4704,7 +4705,15 @@ <h3 class="heading settled heading" data-level=10.1 id=changes-WD-20131105><span
 			<a data-biblio-type=informative data-link-type=biblio href=#encoding title=encoding>[ENCODING]</a> has been added to the list of normative references.
 			It was already referenced in normative text before,
 			just not listed as such.
-	</ul>
+		<li>
+			In the algorithm to <a data-link-type=dfn href=#determine-the-fallback-encoding title="determine the fallback encoding">determine the fallback encoding</a> of a stylesheet,
+			limit the <code>@charset</code> byte sequence to 1024 bytes.
+			This aligns with what HTML does for <code>&lt;meta charset&gt;</code>
+			and makes sure the size of the sequence is bounded.
+			This only makes a difference with leading or trailing whitespace
+			in the encoding label:
+
+<pre>@charset "   <em>(lots of whitespace)</em>   utf-8";</pre>	</ul>
 
 <h3 class="heading settled heading" data-level=10.2 id=changes-WD-20130919><span class=secno>10.2 </span><span class=content>
 Changes from the 19 September 2013 Working Draft</span><a class=self-link href=#changes-WD-20130919></a></h3>

css-syntax/Overview.src.html

@@ -283,7 +283,8 @@ <h3 id="input-byte-stream">
 			use the return value as the fallback encoding.
 
 		<li>
-			Otherwise, check the byte stream. If the byte stream begins with the hex sequence
+			Otherwise, check the byte stream.
+			If the first 1024 bytes of the stream begin with the hex sequence
 
 			<pre>40 63 68 61 72 73 65 74 20 22 XX* 22 3B</pre>
 
@@ -3228,6 +3229,15 @@ <h3 id="changes-WD-20131105">
 			[[ENCODING]] has been added to the list of normative references.
 			It was already referenced in normative text before,
 			just not listed as such.
+		<li>
+			In the algorithm to <a>determine the fallback encoding</a> of a stylesheet,
+			limit the <code>@charset</code> byte sequence to 1024 bytes.
+			This aligns with what HTML does for <code>&lt;meta charset></code>
+			and makes sure the size of the sequence is bounded.
+			This only makes a difference with leading or trailing whitespace
+			in the encoding label:
+
+			<pre>@charset "   <em>(lots of whitespace)</em>   utf-8";</pre>
 	</ul>
 
 <h3 id="changes-WD-20130919">