- From: Keith Moore <moore@cs.utk.edu>
- Date: Mon, 15 Apr 2002 14:43:56 -0400
- To: www-tag@w3.org
this was originally private mail to Dan; he asked me to fwd it to www-tag for discussion. To: Dan Connolly <connolly@w3.org> cc: Keith Moore <moore@cs.utk.edu> From: Keith Moore <moore@cs.utk.edu> Subject: Re: draft findings on Unsafe Methods (whenToUseGet-7) Date: Mon, 15 Apr 2002 13:35:21 EDT another common kind of side-effect (also having to do with email) involves sending an HTML document that includes a IMG tag, where the URL of the image (sometimes a one-pixel image with a transparent pixel) is specific to that specific message. when the recipient's MUA does a GET on that image it also has the side-effect of telling the image server that the recipient's MUA is displaying the message... thus serving as a sort of receipt confirmation. I don't think this should be considered a safe operation - first because the recipient has little or no control over it, second because it discloses information about the recipient that should be kept private unless the recipient explicitly consents to disclose it, third because it is of course possible that the recipient isn't actually reading the message - there might be some sort of preprocessor that downloads the messages and their images in advance of actually their being read, e.g. so that they can be read offline. Keith
Received on Monday, 15 April 2002 14:43:57 UTC