W3C home > Mailing lists > Public > ietf-discuss@w3.org > November 2001

Re: URI resolution & safety

From: Keith Moore <moore@cs.utk.edu>
Date: Sun, 25 Nov 2001 11:16:36 -0500
Message-Id: <200111251616.fAPGGaT27891@astro.cs.utk.edu>
To: Mark Baker <distobj@acm.org>
cc: dcrocker@brandenburg.com (Dave Crocker), dee3@torque.pothole.com (Donald E. Eastlake 3rd), discuss@apps.ietf.org
> The resolution of some URI aren't safe.  I saw an "aim:" URI scheme
> recently that allowed resolution of a URI to send an AIM message.  That
> is a Bad Thing.

I don't think it's inherently bad, any more than
mailto:discuss-request@apps.ietf.org?Subject=subscribe
is bad.  What's bad is for client implementors to make it possible 
for "clicking" on such a URI (or having it appear in a script or
image tag on a web page) to result in a message being sent 
without explicit user verification.   

Keith
Received on Sunday, 25 November 2001 11:17:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:29 GMT