- From: Larry Masinter <masinter@adobe.com>
- Date: Sat, 30 Oct 2010 12:17:47 -0700
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- CC: "eric@bisonsystems.net" <eric@bisonsystems.net>, "www-tag@w3.org" <www-tag@w3.org>, Adam Barth <ietf@adambarth.com>
I could imagine doing a "live editing" session if people had markups to
http://tools.ietf.org/id/draft-masinter-mime-web-info-01.html
but it isn't the normal sort of thing we do....

If you want to see the changes,
http://tools.ietf.org/rfcdiff?url2=draft-masinter-mime-web-info-01.txt
will show you what changed.

Larry
--
http://larry.masinter.net

-----Original Message-----
From: Noah Mendelsohn [mailto:nrm@arcanedomain.com]
Sent: Wednesday, October 27, 2010 7:44 AM
To: Larry Masinter
Cc: eric@bisonsystems.net; www-tag@w3.org; Adam Barth
Subject: Re: mime-web-info 6.1 feedback

Larry,

I haven't had time to read this revision yet. Do you feel there's enough new that we should spend some time with TAG members at TPAC Monday morning to work through the changes? Since we just did a lot of work in Mountain View, the agenda for Monday at TPAC is more open than usual.

Thank you.

Noah

On 10/26/2010 2:44 AM, Larry Masinter wrote:
> Up against the deadline for submitting new versions, I posted
>
> http://tools.ietf.org/html/draft-masinter-mime-web-info-01
>
> without carefully addressing your comment on the "applications that use
> this type" in what had been section 6.1 (in fact, the text in -01 is
> unfortunately incoherent.)
>
> I was thinking about this, and wonder if the issue is really around the
> security considerations for sniffing and privilege escalation...
>
> Content that allows hyperlinks to embedded content
>
> -- which is (or is not) commonly automatically retrieved to display
>
> E.g., html with embedded IMG tags
>
> Content that contains scripting:
>
> where script content can access the internet
>
> -- with or without sandboxing
>
> where script content can access the "local file system"
>
> Content that is not intended to be scriptable
>
> Buggy software can turn a JPEG into scriptable content which accesses the
> local file system, but it's "buggy"?
>
> Turning text/plain into malicious content might involve attacks on the UTF8
> decoders?
>
> Note that some fonts are scriptable....
>
> Larry
>
> --
>
> http://larry.masinter.net
>

Received on Saturday, 30 October 2010 19:18:17 UTC