User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 Bug 356280 is already fixed. But If parent frame exists on local file (May be other scheme can do), script is still executed. Reproducible: Always Steps to Reproduce: 1.Download attachment 251186 [details] to your local directory 2.Open it 3.Change encoding to UTF-7. Actual Results: Script written in UTF-7 is executed Expected Results: Script written in UTF-7 is should not executed It may be danger when local file is exists on removable media. Also reproduced at: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008011405 Minefield/3.0b3pre

This issue seems to be related as Bug 408457 or Bug 406777. (may be dup)

I see the same behavior for the testcase served from b.m.o as well as the same file served locally: that each child iframe inherits the character encoding from its parent when the character set is manually overridden in the parent. The bug title implies that character encoding is _not_ inherited by child (i)frames when the parent frame is remote. This doesn't appear to be the case. Per comment 1, I agree that this can be marked a dup of bug 408457. Tested with: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11