Re: Seeking *opinions* as part of a larger research issue.

I’ve been following this discussion. I think the code tag solution is probably the easiest. Or escape the characters so they are not automatically interpreted/converted to live URLs by the user agent or epub authoring package. The code tag would be easier for authors to employ.

Best Regards,

Dale

Dale R Rogers, M.Ed, CIW
Digital Creative Entrepreneur
Instructional Designer, eLearning Developer
Personal: dale@dalerogers.me
Web: https://dalerogers.me/



From: matt.garrish@gmail.com <matt.garrish@gmail.com>
Date: Tuesday, January 17, 2023 at 6:11 PM
To: 'Liam R. E. Quin' <liam@fromoldbooks.org>, 'John Foliot' <john@foliot.ca>, public-epub3@w3.org <public-epub3@w3.org>, public-publishingcg@w3.org <public-publishingcg@w3.org>, epub-higher-education@lists.daisy.org <epub-higher-education@lists.daisy.org>
Subject: RE: Seeking *opinions* as part of a larger research issue.

> A URL in a long-lived document can have the problem that the original owner stopped paying for it and it now serves malware or phishing pages. So there can be security implications.

Yes, absolutely, and we do briefly mention this issue in the threat model section[1] in the EPUB 3.3 spec (under linking to external resources), although we're not able to offer great solutions for it. Anything that requires passing through the vendor/publisher to get to the destination then brings in privacy issues, as Leonard has already alluded to. And assumes they're still around and their domain hasn't been taken over...

[1] https://www.w3.org/TR/epub-33/#epub-threat-model

Matt

-----Original Message-----
From: Liam R. E. Quin <liam@fromoldbooks.org>
Sent: January 17, 2023 5:32 PM
To: John Foliot <john@foliot.ca>; public-epub3@w3.org; public-publishingcg@w3.org; epub-higher-education@lists.daisy.org
Subject: Re: Seeking *opinions* as part of a larger research issue.

A URL in a long-lived document can have the problem that the original owner stopped paying for it and it now serves malware or phishing pages. So there can be security implications.

These can be avoided by using example.org, but if there's significance in the text of the URL that likely doesn't work.

Yes, they should be marked up as code, not as links, as there's no expectation of traversing them and they are not expressing a link relationship between the context in which they are embedded and the resource they may or may not represent.

So to some extent I think this follows from Web architecture and probably the HTML spec.

liam

--
Liam Quin, https://www.delightfulcomputing.com/
Available for XML/Document/Information Architecture/XSLT/ XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
Barefoot Web-slave, antique illustrations:  http://www.fromoldbooks.org

Received on Wednesday, 18 January 2023 02:51:42 UTC
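
The markup change discussed in this thread (URLs shown as code rather than as live links) can be checked mechanically over an EPUB content document. The following is an added example, not code from any of the posters or from the EPUB specification. The function name, the sample document and the heuristic (an anchor whose visible text is just its own external URL is treated as illustrative) are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XHTML = "http://www.w3.org/1999/xhtml"
ET.register_namespace("", XHTML)  # serialize without an ns0: prefix

def delink_illustrative_urls(xhtml):
    """Turn <a> elements whose visible text is just their own external URL
    into <code>; return (rewritten XHTML, converted URLs, links left live)."""
    root = ET.fromstring(xhtml)
    converted, still_live = [], []
    for a in root.iter(f"{{{XHTML}}}a"):
        href = a.get("href", "")
        if urlsplit(href).scheme not in ("http", "https"):
            continue  # relative link inside the publication: not at risk
        text = "".join(a.itertext()).strip()
        if text.rstrip("/") == href.rstrip("/"):
            # Assumed heuristic: the URL is printed as text, so it is an
            # example to read, not a destination to traverse.
            a.tag = f"{{{XHTML}}}code"  # keeps text and tail, drops the link
            a.attrib.clear()
            converted.append(href)
        else:
            # A real outbound reference; it can outlive its domain's owner,
            # so list it for periodic human review.
            still_live.append(href)
    return ET.tostring(root, encoding="unicode"), converted, still_live

# Constructed sample content document (not taken from a real publication).
SAMPLE = """<html xmlns="http://www.w3.org/1999/xhtml"><body>
<p>Type <a href="http://shop.example.org/cart">http://shop.example.org/cart</a> into the address bar.</p>
<p>See the <a href="https://www.w3.org/TR/epub-33/">EPUB 3.3 spec</a> and <a href="ch2.xhtml">chapter 2</a>.</p>
</body></html>"""

if __name__ == "__main__":
    out, converted, still_live = delink_illustrative_urls(SAMPLE)
    print(out)
    print("converted to <code>:", converted)
    print("still live, review:", still_live)
```
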