> > The resolution of some URIs isn't safe. I saw an "aim:" URI scheme
> > recently that allowed resolution of a URI to send an AIM message. That
> > is a Bad Thing.
>
> I don't think it's inherently bad, any more than
> mailto:discuss-request@apps.ietf.org?Subject=subscribe
> is bad. What's bad is for client implementors to make it possible
> for "clicking" on such a URI (or having it appear in a script or
> image tag on a web page) to result in a message being sent
> without explicit user verification.

Absolutely, but that's exactly what I mean by safe; no side effects upon
resolution. mailto: is safe because 1) RFC 2368 defines semantics that
don't send the email, and 2) no implementation that I know about
automatically sends the email either.

MB
--
Mark Baker, Chief Science Officer, Planetfred, Inc.
Ottawa, Ontario, CANADA. mbaker@planetfred.com
http://www.markbaker.ca http://www.planetfred.com

Received on Sunday, 25 November 2001 21:19:11 GMT
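
The rule discussed in this message (resolving a URI must not by itself cause a side effect such as sending a message) written as a client-side dispatch check. This is an added example, not code from the thread; the function names, the option flags and the retrieval-only scheme list are assumptions.

```javascript
// Added example; all names below are hypothetical.
// Assumption: these schemes are treated as plain retrieval with no side effects.
const RETRIEVAL_ONLY = new Set(["http", "https", "ftp"]);

// Turn a mailto: URI (RFC 2368) into a draft object. Nothing is sent here.
function mailtoToDraft(uri) {
  const rest = uri.slice(uri.indexOf(":") + 1);
  const q = rest.indexOf("?");
  const draft = { to: decodeURIComponent(q < 0 ? rest : rest.slice(0, q)), subject: "", body: "" };
  if (q < 0) return draft;
  for (const pair of rest.slice(q + 1).split("&")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    const name = decodeURIComponent(pair.slice(0, eq)).toLowerCase(); // header names are case-insensitive
    const value = decodeURIComponent(pair.slice(eq + 1));
    if (name === "subject" || name === "body") draft[name] = value;
    else if (name === "to") draft.to = draft.to ? draft.to + "," + value : value;
    // Other headers (cc, bcc, ...) are dropped here so a link cannot add hidden recipients.
  }
  return draft;
}

// Decide what activating `uri` may do.
// embedded: the URI came from a script/img reference, not from a user click.
// userConfirmed: the user approved this specific action in an explicit prompt.
function resolveUri(uri, { embedded = false, userConfirmed = false } = {}) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  if (!m) return { action: "reject", reason: "no scheme" };
  const scheme = m[1].toLowerCase();
  if (RETRIEVAL_ONLY.has(scheme)) return { action: "fetch" };
  // Everything else may act on the user's behalf, so never resolve it from embedded content.
  if (embedded) return { action: "reject", reason: "side-effecting scheme in embedded content" };
  if (scheme === "mailto") {
    try {
      return { action: "open-draft", draft: mailtoToDraft(uri) }; // the user still has to press Send
    } catch (e) {
      return { action: "reject", reason: "malformed percent-encoding" };
    }
  }
  // Unknown or message-sending schemes (the thread's "aim:" case) need explicit approval.
  return userConfirmed ? { action: "dispatch", scheme } : { action: "ask-user", scheme };
}
```
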