- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 16 Mar 2009 15:34:14 +0100
- To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
- Cc: Arthur Barstow <art.barstow@nokia.com>, public-webapps <public-webapps@w3.org>
On Mon, Mar 16, 2009 at 3:06 PM, Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net> wrote: > Dear Art, > > Regarding "P&C spec - Mandatory config file", I would like to give more information about my concerns. > > According to the current "W3C Working Draft 9 March 2009", the config.xml file has a single mandatory element. This is the <widget> element. All its expected children elements and attributes are optional. Therefore I have got the impression that the config.xml file does not add any security. However, it will help to identify a zip archive as a widget if the media type and/or file extension are missing. > > To be clear, I do not have any objections against the config.xml file in general. I only have concerns regarding its potential to improve security. > Ok, forget the security aspects. Lets just say it identifies a widget as being a widget in the absence of a media type. -- Marcos Caceres http://datadriven.com.au
Received on Monday, 16 March 2009 14:45:48 UTC