- From: Mike Schinkel <mikeschinkel@gmail.com>
- Date: Tue, 5 Dec 2006 06:30:15 -0500
>> Turn that example around. Suppose the web server >> says the document is a script that should be executed. >> Should the client execute it? Ah, your interpretation is incorrect. The server says "this is a script" and the client is required to treat it "as a script." THAT DOESN'T MEAN that the client must execute it; nay, the client should decide what to do with it, and a smart client with initiate safety precautions and NOT exectute it unless the user explicity overrides the safety. But the clients shouldn't, for example try to open a script that the server said was a script in Word or Excel, that is unless the server served as application/msword or application/vnd.ms-excel, respectively. See: http://www.w3.org/2001/tag/doc/mime-respect-20030709 1 Summary of Key Points * MIME headers sent by a server are authoritative. [Design choice] * User agent behavior that misrepresents the user or the server is harmful. [Principle] The document is short and worth reading if you haven't previously read it. Ultimately we are saying the same thing, but we got there via different paths. In many case, the path is very important as, in this debate, described in the referenced document. -Mike Schinkel http://www.mikeschinkel.com/blogs/ http://www.welldesignedurls.org/
Received on Tuesday, 5 December 2006 03:30:15 UTC