W3C home > Mailing lists > Public > public-rdf-in-xhtml-tf@w3.org > July 2009

Re: an alternative for microformat-like simplicity -- the security angle

From: Ben Adida <ben@adida.net>
Date: Thu, 30 Jul 2009 09:55:00 -0700
Message-ID: <4A71D064.9000206@adida.net>
To: Manu Sporny <msporny@digitalbazaar.com>
CC: RDFa TF list <public-rdf-in-xhtml-tf@w3.org>
Manu Sporny wrote:
> Ben's proposal is concerned about not having to dereference anything
> during the RDFa processor stage because it leads to complexity and the
> possibility of not generating triples at parse-time.

During the telecon today, I brought up a point that hints at the
architectural complication that results from
"dereferencing-in-the-parser": security.

Specifically, a pure JavaScript parser (i.e. bookmarklet) would be
unable to produce any output, since it cannot dereference a third-party
resource. Of course, a plugin, or JavaScript with elevated privileges,
could, but the core issue remains that the parser now needs to consider
a number of security issues related to third-party content, just to
produce the first batch of triples.

-Ben
Received on Thursday, 30 July 2009 16:55:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 30 July 2009 16:55:39 GMT