- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 07 Apr 2005 22:28:58 +0200
- To: Liam Quin <liam@w3.org>
- Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
* Liam Quin wrote: >I.2 Registration of MIME Media Type application/xquery >Optional parameters: charset > >The syntax of XQuery is expressed in Unicode but may be written with any >Unicode-compatible character encoding, including UTF-8 or UTF-16, or >transported as US-ASCII or Latin-1 with Unicode characters outside the >range of the given encoding represented using an XML-style ෝ >syntax. >If an XQuery document contains an encoding declaration, it overrides the >default encoding specified by the MIME charset parameter. That's inconsistent with pretty much all other media types that allow a charset parameter. What's the point of having a charset parameter here? >I.5 Charset Default Rules > >XQuery documents use the Unicode character set and, by default, the >UTF-8 encoding. That's incorrect then, it defaults to the character encoding specified in the charset parameter (which then defaults to UTF-8). >I.6 Security Considerations > >Queries written in XQuery may cause arbitrary URIs to be dereferenced. >Therefore, the security issues of [Uniform Resource Locators (URL)] >Section 6 should be considered. In addition, the contents of file: URIs >can in some cases be accessed, processed and returned as results. > >Furthermore, because the XQuery language permits extensions, it is >possible that application/xquery may describe content that has security >implications beyond those described here. > >The XML Query Working group is working on a facility to allow XQuery >expressions to be used to create and update persistent data. Untrusted >queries should not be given write access to data. Compared to http://www.ietf.org/rfc/rfc2046.txt section 4.5.2 this seems very incomplete... >**** Registration for application/xquery+xml also at [4] > >C The application/xquery+xml Media Type (Non-Normative) Non-Normative? Is there a normative version of this text? -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Thursday, 7 April 2005 20:28:37 UTC