W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 2000

RE: webmail vulnerabilities: a new pragma token?

From: David W. Morris <dwm@XPASC.COM>
Date: Thu, 20 Jan 2000 10:48:04 -0800 (PST)
cc: http-wg@cuckoo.hpl.hp.com
Message-ID: <Pine.GSO.4.05.10001201038490.15051-100000@shell1>


On Wed, 19 Jan 2000, Josh Cohen wrote:

> 
> I see your problem, but I dont think pragma is 
> the right place for a solution.
> As a matter of fact, I dont think HTTP is the place
> for your solution.  Why not just stick a meta tag
> in the HTML itself ?

Because that means parsing and modification of the HTML.  Doesn't scale to
any future content type ... I for one prefer security features out of band
to the channel or in this case processing layer of the client.

But I'm not sure this is a complete solution as proposed in any case. At
what point does not having scripting enabled prevent reasonable rendering
of the content?  Should plugins be enabled? What about content within
frames (or iframe) within the file which reference other servers? Meta
refresh tags which redirect to new content?

Dave Morris
Received on Thursday, 20 January 2000 18:54:32 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:35 EDT