W3C home > Mailing lists > Public > public-qt-comments@w3.org > July 2005

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

From: Liam Quin <liam@w3.org>
Date: Mon, 11 Jul 2005 11:17:24 -0400
To: John Cowan <jcowan@reutershealth.com>
Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
Message-ID: <20050711151724.GC5665@w3.org>

On Thu, May 19, 2005 at 01:45:35PM -0400, John Cowan wrote:
> Liam Quin scripsit:
>>  Interchange of a database query language over the Web in its own
>>  Internet Type is likely for machine execution or to interchange
>>  files, not for reading by humans, as then text/plain might be
>>  more appropriate... but this is conjecture on my part right now.
> 
> FWIW, I think this is a Bad Thing.  Programming language content should
> go in text/plain files (despite the nasty problem with the encoding
> type imposed by text/*), so as to *discourage* browsers from attempting
> to execute them, which is a big fat security hole.

Execution of a query in this context could better be written as
evaluation of an expression; the side-effects in XQuery are very
limited, although I agree that whenever code is executed remotely
there are some serious security concerns.

> The use of text/css in HTML link elements and XML stylesheet PIs is
> essentially a hack so that browsers can decide whether to fetch the
> stylesheet, and is not consistent with the intention of IETF media
> types, which are designed to specify a minimal mapping from raw
> octets to interpretable objects such as characters or pixels.

I think this is a different case -- tect/css is a subsidiary document,
and the "type=" pseudo-attribute in a processing instruction is only
(I believe) there because the work predated widespread adoption of
XML namespaces.

Here, the XML Query document is likely to be the primary object
of transfer, not a subsidiary that applies to something else.

> Unless it was by accident that I had            John Cowan
> offended someone, I never apologized.           jcowan@reutershealth.com
>         --Quentin Crisp                         http://www.ccil.org/~cowan

Oh to be on the same page as Quentin Crisp, there can be
no higher honour!

Liam

-- 
Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/
http://www.holoweb.net/~liam/
Received on Monday, 11 July 2005 15:17:29 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:45:25 UTC