- From: James P. Salsman <bovik@best.com>
- Date: Fri, 3 Mar 2000 01:57:03 -0800 (PST)
- To: braden@endoframe.com
- Cc: ietf@ietf.org, www-html@w3.org
Line noise transmitted the message below unattributed; my apologies to Braden McDaniel. >> [JPS:] The only >> way to obtain device upload does not even involve the INPUT tag >> (on Windows' MSIE, the OBJECT tag is used with an insecure >> "ActiveX" binary; on Netscape Navigator under Windows, the EMBED >> tag is used with a similarly insecure arrangement where the user >> must "Grant All" system privileges to the EMBEDed binary code.) > > [BNM:] Yes, well, one could probably use OBJECT/EMBED to make pigs > fly if one were so inclined and prepared to waive the relevant > security precautions. The security concerns are actually more significant than the "it won't run on my Mac/Unix workstation" -- at least for the majority that don't have Mac or Unix workstations. Promiscuous use of insecure binary plug-in applications is another reason against OBJECT and EMBED. >> If the W3C would just take a stand, and tell the browser vendors >> that in order to be compliant with the W3C Recommendations, if >> device upload is implemented then it should be available in a >> certain way, then they would probably conform to stay compliant. > > The W3C has defined conformance terms for HTML 4, CSS1, CSS2... And how > many browsers conform to date? I'm a little bit skeptical that having the > W3C stomp its feet would do a bit of good. It is completely reasonable for the W3C to act in the general interest of web users. Supporting device upload would be in their interest because of the reduced security concerns, the more widespread accessibility on a diversity of platforms, and the general utility of the services enabled for education, commerce and industry. I believe the W3C will try to hold on to its leadership role in consumer protection pertaining to browser technology. Cheers, James
Received on Friday, 3 March 2000 04:57:45 UTC