[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PaceFormatSecurity

To: Robert Sayre <mint@xxxxxxxxxxxxxxx>
Subject: Re: PaceFormatSecurity
From: Tim Bray <Tim.Bray@xxxxxxx>
Date: Fri, 28 Jan 2005 13:21:08 -0800
Cc: Graham <dtcd@xxxxxxx>, Joe Gregorio <joe.gregorio@xxxxxxxxx>, Atom Syntax <atom-syntax@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/atom-syntax/mail-archive/>
List-id: <atom-syntax.imc.org>
List-unsubscribe: <mailto:atom-syntax-request@imc.org?body=unsubscribe>
References: <> <> <>
Sender: owner-atom-syntax@xxxxxxxxxxxx

On Jan 28, 2005, at 12:55 PM, Robert Sayre wrote:

I would strike all the details on HTML, leave the first paragraph, and refer to the security sections of RFC 2854 and HTML 4.01.

Whereas you could technically get by with warning-by-reference, I think that it's OK and fact probably essential to point out that <img> and <script> and <object> and so on; are potentially lethal; I thought Joe got about the right level, except for the "what to do" stuff. -Tim

Follow-Ups:
- Re: PaceFormatSecurity
  - From: Asbjørn Ulsberg
- Re: PaceFormatSecurity
  - From: Robert Sayre

References:
- PaceFormatSecurity
  - From: Joe Gregorio
- Re: PaceFormatSecurity
  - From: Graham
- Re: PaceFormatSecurity
  - From: Robert Sayre

Prev by Date: Re: PaceFormatSecurity
Next by Date: Proof-of-concept RDF mapping for Atom
Previous by thread: Re: PaceFormatSecurity
Next by thread: Re: PaceFormatSecurity
Index(es):
- Date
- Thread