Hallvord, do you not want to split the writable types list in safe and non-safe ones and let browsers how they deal with unsafe ones? Here's an idea: html, xml, and picture formats should be in the unsafe ones. I guess json too (but both XML and JSON are too generic to my taste). Similarly, I'd like to add things such as MathML ones (application/mathml-presentation+xml, application/mathml-content+xml, application/mathml+xml) and rtf. For the unsafe formats, the warning could say that the UA-implementors should only support the flavour if they have a method to make this content safe so that local applications (which do not expect untrusted content) receive content they can trust when pasting. Methods to make the content safe include the following: transcoding a picture, inlining all external entities for html, xml, mathml, or rtf). What do you think? Paul Hallvord Reiar Michaelsen Steen wrote: > How does that sound? > > To those of you who want support for reading and writing many more > formats (both common like RTF and esoteric ones): we're discussing > what scripts from the world wild web should be allowed to do, > basically without any permissions being granted (just something being > clicked/touched in a page - a pretty low bar..). I understand that > you're impatiently looking forward to all the great stuff you could do > with full access to read and write whatever, but please have some > patience while we work out just how scary (or not) various data types > are..
Received on Monday, 17 August 2015 12:54:44 UTC