Re: [svgwg] [svg-native] What should the file extension be? (#664) from Marcus Rohrmoser via GitHub on 2021-06-05 (public-svg-issues@w3.org from June 2021)

From: Marcus Rohrmoser via GitHub <sysbot+gh@w3.org>
Date: Sat, 05 Jun 2021 15:49:23 +0000
To: public-svg-issues@w3.org
Message-ID: <issue_comment.created-855258214-1622908161-sysbot+gh@w3.org>

No renderer may naively trust neither mime nor extension – it has to be either strict (=safe) or trusting.

That's the decision to the consumer. Not the producer. So declaring safe via mime or extension isn't a security gain anyway.

-- 
GitHub Notification of comment by mro
Please view or discuss this issue at https://github.com/w3c/svgwg/issues/664#issuecomment-855258214 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 5 June 2021 15:49:45 UTC