- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 11 Feb 2009 16:38:40 -0800
- To: Breno de Medeiros <breno@google.com>
- Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
On Wed, Feb 11, 2009 at 4:00 PM, Breno de Medeiros <breno@google.com> wrote: > All of the above systems target browsers and none have the usage > requirements of the proposed spec. The point is there are enough HTTP servers on the Internet that let uses upload content in this way that these vendors have added strict Content-Type processing to their metadata mechanisms. If you don't even warn consumers of your spec about these threats, those folks will build applications on top of host-meta that make these servers vulnerable to attack. Adam
Received on Thursday, 12 February 2009 00:39:16 UTC