W3C home > Mailing lists > Public > www-svg@w3.org > October 2003

Re: Adobe plugin security fixes reccommend proprietary EMBED

From: Tobias Reif <tobiasreif@pinkjuice.com>
Date: Mon, 13 Oct 2003 10:56:44 +0200
Message-ID: <3F8A68CC.3050604@pinkjuice.com>
To: www-svg@w3.org
Cc: David Woolley <david@djwhome.demon.co.uk>

Let's not start a wild and long object vs embed / software patents 
thread ... but:

David Woolley wrote:
> On about Thursday last week, Adobe re-issued their SVG plugin with a
> number of serious security flaws fixed.
> In connection with one of the (lesser) flaws, they said that people
> should use EMBED rather than OBJECT, and the wording suggested that it
> was their standard advice to use proprietary HTML with their plugin;
> there was no indication that EMBED was proprietory.  (The specific issue
> is that they can apparently sense the effect of the user's policy on
> scripting with EMBED, but not with OBJECT, so they have unconditionally
> disabled scripting with OBJECT.)

Yes, I think they should at least say that "embed" is not HTML = is 
non-standard (and AFAICS they could limit their recommendation to 
scripted SVG in IE).
Hopefully there soon will be a patch for IE addressing the issue (web 
page authors can't fix the bugs in IE, but MS can).

> (In respect of the last, I don't believe software patents create the
> innovation that is the justification for governments having patent
> laws.  In this case the innovation has been in ways of avoiding the
> patent, but which are generally detrimental to the web; they have not
> been in potentially better ways of achieving the same thing.)

Support http://swpat.ffii.org/ :)


Received on Monday, 13 October 2003 04:58:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:53:59 UTC