[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIME Type Review Request: image/svg+xml




Sorry this is late. Here are some comments on this registration:


- Some of the ideas discussed at
  http://eikenes.alvestrand.no/pipermail/ietf-types/2004-July/000298.html
  might help improve the specification.

- The text below was produced by using an HTML-to-text conversion.
  Ideally, it should be possible to use the registration template
  directly as plain text, i.e. the most important URIs should
  appear in plain text.

- On the other hand, there is no need to provide URIs for RFCs.
  Something like "... [6]RFC3023 ..."
      [6] http://www.w3.org/TR/SVG12/references
  in an IETF context, is quite confusing.

- "Published specification:
         This media type registration is extracted from Appendix G of
         the SVG 1.2 specification."
  This sounds like it's the wrong way round. "Published specification"
  doesn't mean the specification of the registration template, but
  the specification of the format. This is in many ways the most important
  part of the mime registration. It tells a reader "if you get something
  of type image/svg+xml, here is the spec that tells you how to interprete
  that media type".
  Saying that the media type registration itself is in Appendix G
  is additional information worth mentioning, but much less important.

- Last but not least, I agree with comments already made in this venue
  that this media type should allow the 'charset' parameter as defined
  in RFC 3023. As argued in detail at
  http://lists.w3.org/Archives/Public/www-tag/2004Nov/0034.html,
  I do not see any way to justify removing the 'charset' parameter
  based on 'good practice' advice in the Web Architecture document
  (http://www.w3.org/TR/2004/PR-webarch-20041105/#no-charset).
  (Boris Zbarsky made essentially the same argument, but much shorter.)
  Continuing to allow the 'charset' parameter (or in this case, putting
  it back in) will make it easier to use generic tools (both on the
  producer side (databases, java servlets,...) and on the client side
  (xml editors, validators,...), which is one of the main advantages
  of +xml.


Regards, Martin.



At 01:22 04/11/03, Chris Lilley wrote:
>
>
>Please review the Media Type registration template described below. It
>is available in HTML [1] or in plain text form [2] and relates to the
>SVG specification [3]. Registration of this Media Type in the standards
>tree is requested, in conformance with [4] and [5].
>
> [1] http://www.w3.org/TR/SVG12/mimereg.html
> [2] http://www.w3.org/TR/SVG12/mimereg.html,text
> [3] http://www.w3.org/TR/SVG12/
> [4] http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-01.txt
> [5] http://www.w3.org/2002/06/registering-mediatype
>
>
>Registration of Media Type image/svg+xml
>
> MIME media type name:
> image
>
> MIME subtype name:
> svg+xml
>
> Required parameters:
> None.
>
> Optional parameters:
> None
>
> The encoding of an SVG document is determined by the XML
> encoding declaration. This has identical semantics to the
> application/xml media type in the case where the charset
> parameter is omitted, as specified in [6]RFC3023 sections 8.9,
> 8.10 and 8.11.
>
> [6] http://www.w3.org/TR/SVG12/references
>
> Encoding considerations:
> Same as for application/xml. See [7]RFC3023 , section 3.2.
>
> [7] http://www.w3.org/TR/SVG12/references
>
> Restrictions on usage:
> None
>
> Security considerations:
> As with other XML types and as noted in [8]RFC3023 section 10,
> repeated expansion of maliciously constructed XML entities can
> be used to consume large amounts of memory, which may cause XML
> processors in constrained environments to fail.
>
> [8] http://www.w3.org/TR/SVG12/references
>
> SVG documents may be transmitted in compressed form using gzip
> compression. For systems which employ MIME-like mechanisms,
> such as HTTP, this is indicated by the
> Content-Transfer-Encoding header; for systems which do not,
> such as direct filesystem access, this is indicated by the
> filename extension and by the Macintosh File Type Codes. In
> addition, gzip compressed content is readily recognised by the
> initial byte sequence as described in [9]RFC1952 section 2.3.1.
>
> [9] http://www.w3.org/TR/SVG12/references
>
> Several SVG elements may cause arbitrary URIs to be referenced.
> In this case, the security issues of [10]RFC2396, section 7,
> should be considered.
>
> [10] http://www.w3.org/TR/SVG12/references
>
> In common with HTML, SVG documents may reference external media
> such as images, audio, video, style sheets, and scripting
> languages. Scripting languages are executable content. In this
> case, the security considerations in the Media Type
> registrations for those formats apply.
>
> In addition, because of the extensibility features for SVG and
> of XML in general, it is possible that "image/svg+xml" may
> describe content that has security implications beyond those
> described here. However, if the processor follows only the
> normative semantics of this specification, this content will be
> outside the SVG namespace and will be ignored. Only in the case
> where the processor recognizes and processes the additional
> content, or where further processing of that content is
> dispatched to other processors, would security issues
> potentially arise. And in that case, they would fall outside
> the domain of this registration document.
>
> Interoperability considerations:
> This specification describes processing semantics that dictate
> behavior that must be followed when dealing with, among other
> things, unrecognized elements and attributes, both in the SVG
> namespace and in other namespaces.
>
> Because SVG is extensible, conformant "image/svg+xml"
> processors must expect that content received is well-formed
> XML, but it cannot be guaranteed that the content is valid to a
> particular DTD or Schema or that the processor will recognize
> all of the elements and attributes in the document.
>
> SVG has a published Test Suite and associated implementation
> report showing which implementations passed which tests at the
> time of the report. This information is periodically updated as
> new tests are added or as implementations improve.
>
> Published specification:
> This media type registration is extracted from Appendix G of
> the SVG 1.2 specification.
>
> Additional information:
>
> Person & email address to contact for further information:
> Dean Jackson, (dean@xxxxxx).
>
> Intended usage:
> COMMON
>
> Author/Change controller:
> The SVG specification is a work product of the World Wide Web
> Consortium's SVG Working Group. The W3C has change control over
> these specifications.
>
>--
> Chris Lilley mailto:chris@xxxxxx
> Chair, W3C SVG Working Group
> Member, W3C Technical Architecture Group