Re: The 'image/svg+xml' Media Type from Chris Lilley on 2002-06-20 (www-svg@w3.org from June 2002)

From: Chris Lilley <chris@w3.org>
Date: Thu, 20 Jun 2002 13:29:39 +0200
To: www-svg@w3.org, "Jim Ley" <jim@jibbering.com>
Message-ID: <14415291187.20020620132939@w3.org>

On Wednesday, June 19, 2002, 9:17:56 PM, Jim wrote:

JL> "David Woolley" <david@djwhome.demon.co.uk>
>> From: Jim Ley [SMTP:jim@jibbering.com]
>>
>> > Given that conformant dynamic SVG applications must implement
JL> ECMAScript
>> > that being the same is not IMO sufficient.
>>
>> If conformance requires scripting support, I would say that there is no
>> way that image/ is appropriate.

JL> I'm not as dogmatic as that, but I do think it's a good reason to not
JL> consider image/svg+xml "a given", when registration is attempted,

It is, first an foremost, an image format. So image/* is clearly the
appropriate choice.

JL> this
JL> may well address my concerns.  Other security concerns are what happens
JL> when potentially dangerous content is included in a foriegnObject
JL> element, - SVG needs to be considered as evil as the most evil thing that
JL> can be included in a foriegn object.

No, the security concerns are those of the included content. Which is
not quite the same thing.

>> If compliance
>> requires scripting, I'm unlikely to allow my browser to be fully
JL> compliant most
>> of the time  and some organisations are likely to make this corporate
JL> policy.

Disabling scripting does not make it non compliant. It makes it tuned
to user preference. An implementation that can pass the appropriate
tests when scripting is enabled is very different, conformance wise,
from one that fails the tests.

JL> SVG 1.0 only recomends viewers follow the in development UAAG 1.0  but
JL> does note:
JL> "Once the guidelines are completed, a future version of this
JL> specification is likely to require conformance to the Priority 1
JL> guidelines in Conforming SVG Viewers."

JL> and toggle scripts is a (currently) P1 in UAAG, so lets hope that future
JL> versions do have this requirement -  with both UAAG 1 and SVG 1.1 at CR
JL> stage - is it something that could be addressed in SVG 1.1 ?

I would say there is scope for clarifying what happens when scripting
is disabled at user option, yes.

-- 
 Chris                            mailto:chris@w3.org

Received on Thursday, 20 June 2002 07:32:04 UTC