W3C home > Mailing lists > Public > www-svg@w3.org > October 2003

Re: Adobe plugin security fixes reccommend proprietary EMBED

From: David Woolley <david@djwhome.demon.co.uk>
Date: Tue, 14 Oct 2003 07:23:36 +0100 (BST)
Message-Id: <200310140623.h9E6Na701515@djwhome.demon.co.uk>
To: www-svg@w3.org

> object is not sufficiently specified for this, due to the non-specified

If that is the case, it needs to be raised against the HTML specification,
as I believe the intention was that OBJECT ought to be able to 
replace IMG.  I can appreciate why support for SVG as simple images
is not commercially exciting to browser developers (no market for 
new creation tools), but the lack of a vector format has been a serious
weakness for technical documents in HTML ever since images were 
introduced.

> You can also use iframe to include SVG documents, which is valid, and
> doesn't have any prompt issues, or require the data to be inline, or written
> by script.

Especially given that IE will put up a normal ActiveX warning for a
simple link to a PDF file, if the browser is configured to display it in
the browser window, iframe appears to me to be covered by the Microsoft
announcement, whether or not the beta version of the changes allows it.
iframe is also effectively deprecated (it has never been in any strict
version of an HTML standard).

The start of the announcement says that the only exceptions to ActiveX
are where the resource is embedded in the HTML (data: URL) or
where it is invoked by a script that is obtained from the remote site
but not embedded in the HTML.  It also says that OBJECT, APPLET and
EMBED are only examples, not the complete set of cirumstances.

I haven't seen the  patent claims, but I suspect there are some rather
technical legal arguments as to exactly what can be used to evade them.
Received on Tuesday, 14 October 2003 02:23:39 GMT

This archive was generated by hypermail 2.3.1 : Friday, 8 March 2013 15:54:26 GMT