W3C home > Mailing lists > Public > public-qt-comments@w3.org > April 2005

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Thu, 07 Apr 2005 22:28:58 +0200
To: Liam Quin <liam@w3.org>
Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
Message-ID: <425b93d4.13001640@smtp.bjoern.hoehrmann.de>

* Liam Quin wrote:
>I.2 Registration of MIME Media Type application/xquery

>Optional parameters: charset
>The syntax of XQuery is expressed in Unicode but may be written with any
>Unicode-compatible character encoding, including UTF-8 or UTF-16, or
>transported as US-ASCII or Latin-1 with Unicode characters outside the
>range of the given encoding represented using an XML-style &#xddd;

>If an XQuery document contains an encoding declaration, it overrides the
>default encoding specified by the MIME charset parameter.

That's inconsistent with pretty much all other media types that allow a
charset parameter. What's the point of having a charset parameter here?

>I.5 Charset Default Rules
>XQuery documents use the Unicode character set and, by default, the
>UTF-8 encoding.

That's incorrect then, it defaults to the character encoding specified
in the charset parameter (which then defaults to UTF-8).

>I.6 Security Considerations
>Queries written in XQuery may cause arbitrary URIs to be dereferenced.
>Therefore, the security issues of [Uniform Resource Locators (URL)]
>Section 6 should be considered. In addition, the contents of file: URIs
>can in some cases be accessed, processed and returned as results.
>Furthermore, because the XQuery language permits extensions, it is
>possible that application/xquery may describe content that has security
>implications beyond those described here.
>The XML Query Working group is working on a facility to allow XQuery
>expressions to be used to create and update persistent data. Untrusted
>queries should not be given write access to data.

Compared to http://www.ietf.org/rfc/rfc2046.txt section 4.5.2 this seems
very incomplete...

>**** Registration for application/xquery+xml also at [4]
>C The application/xquery+xml Media Type (Non-Normative)

Non-Normative? Is there a normative version of this text?
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Thursday, 7 April 2005 20:28:37 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:45:23 UTC