- From: Robin Berjon <robin@w3.org>
- Date: Fri, 01 Mar 2013 10:45:32 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: "www-tag@w3.org List" <www-tag@w3.org>

On 01/03/2013 03:04 , Bjoern Hoehrmann wrote:
> * Robin Berjon wrote:
>> I would support the TAG revisiting the topic of Authoritative Metadata,
>> but with a view on pointing out that it is an architectural antipattern.
>> Information that is essential and authoritative about the processing of
>> a payload should be part of the payload and not external to it. Anything
>> else is brittle and leads to breakage.
>
> That may be desired. Content Security Policies for instance are meant to
> "break" some code injection attacks against generated payloads. They are
> essential and authoritative, and putting them into payloads would defeat
> their purpose to a considerable extent

Indeed, but the difference here is that CSP is metadata attached to a resource, whereas the content type really describes the representation. I think that may provide a useful operative distinction for improving this finding.

--
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Friday, 1 March 2013 09:45:41 UTC