Re: [ietf-types] Update to text/html registration
Paul Libbrecht <paul@hoplahup.net> Tue, 07 August 2012 13:14 UTC
Return-Path: <paul@hoplahup.net>
X-Original-To: ietf-types@ietfa.amsl.com
Delivered-To: ietf-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1804621F86D1 for <ietf-types@ietfa.amsl.com>; Tue, 7 Aug 2012 06:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ySN13OjlBhD7 for <ietf-types@ietfa.amsl.com>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9]) by ietfa.amsl.com (Postfix) with ESMTP id 5773821F86B4 for <ietf-types@ietf.org>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from [192.168.178.43] (p5DDEC306.dip0.t-ipconnect.de [93.222.195.6]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0Mgrky-1TKmjs3e7M-00MZeh; Tue, 07 Aug 2012 15:14:37 +0200
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="iso-8859-1"
From: Paul Libbrecht <paul@hoplahup.net>
In-Reply-To: <20120807111647.GB67292@sideshowbarker>
Date: Tue, 07 Aug 2012 15:14:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D0209276-1489-4A26-BFD8-4EB52957FBE3@hoplahup.net>
References: <20120807111647.GB67292@sideshowbarker>
To: Michael
X-Mailer: Apple Mail (2.1084)
X-Provags-ID: V02:K0:egVbsmX/LsrWCNUVjlSu88KP0PU7Ut4RO5kcYilUYU9 bnSTsUic1EB+6XcfK2Lj8ZgpmA8UcB62VRD0ws7RUhWfW7LIXa Lgh+NVzd5wX2Zms0U1CyO8kuxCcRnbySLs1WjtItptAkN0QTzw 1n5ADpJHFYl0fdu/uayeYiSxScMt8/kMlubgse7lcAcP5YZOio AxuN0GUFvGOH3853nq5m9osUny2BLIgJi7s1M2psoZ/Ey1EnjY CLF/e6smse9EiZQbMC8PSPHIJ9VHYTTHTamwAHT+y5jSKJmf34 D51czkduRh6PpBJFmtH/mqWGIHDh8D6bNPvELFWL2y0pki+PoE 5qsb0zIWDLXgWVZd56DBWby/hE1gzSQndOrkukhD7IntNb25Rd OWSvVo4g8MHxQ==
Cc: ietf-types@ietf.org
Subject: Re: [ietf-types] Update to text/html registration
X-BeenThere: ietf-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Media \(MIME\) type review" <ietf-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-types>
List-Post: <mailto:ietf-types@ietf.org>
List-Help: <mailto:ietf-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 13:14:42 -0000
Michael, HTML is very commonly exchanged over clipboards in widespread operating systems. Could I suggest that you enrich the registrations of html and xhtml so that you include two fields with - Windows Clipboard Flavor Name - Macintosh Uniform Type Identifier This way platforms, which mostly already define these types, would do so based on an open standard. I can try to research the possible values if you want. I am not sure about the multipart media type but I suspect this would also be welcome (maybe for html with attached objects?). Paul PS: I feel the Macintosh file type code is obsolete and unused. Le 7 août 2012 à 13:16, Michael[tm] Smith a écrit : > Please update the registration for the text/html media type to reference > the HTML5 specification instead of RFC 2854. > > http://www.w3.org/TR/html5/iana.html#text-html > > --------------------------------------------------------------------------- > Type name: > text > > Subtype name: > html > > Required parameters: > No required parameters > > Optional parameters: > charset > The charset parameter may be provided to definitively specify the > document's character encoding, overriding any character encoding > declarations in the document. The parameter's value must be the name of > the character encoding used to serialize the file, must be a valid > character encoding name, and must be an ASCII case-insensitive match > for the preferred MIME name for that encoding. [IANACHARSET] > > Encoding considerations: > 8bit (see the section on character encoding declarations) > > Security considerations: > Entire novels have been written about the security considerations that > apply to HTML documents. Many are listed in this document, to which the > reader is referred for more details. Some general concerns bear > mentioning here, however: > > HTML is scripted language, and has a large number of APIs (some of which > are described in this document). Script can expose the user to potential > risks of information leakage, credential leakage, cross-site scripting > attacks, cross-site request forgeries, and a host of other problems. > While the designs in this specification are intended to be safe if > implemented correctly, a full implementation is a massive undertaking > and, as with any software, user agents are likely to have security bugs. > > Even without scripting, there are specific features in HTML which, for > historical reasons, are required for broad compatibility with legacy > content but that expose the user to unfortunate security problems. In > particular, the img element can be used in conjunction with some other > features as a way to effect a port scan from the user's location on the > Internet. This can expose local network topologies that the attacker > would otherwise not be able to determine. > > HTML relies on a compartmentalization scheme sometimes known as the > same-origin policy. An origin in most cases consists of all the pages > served from the same host, on the same port, using the same protocol. > > It is critical, therefore, to ensure that any untrusted content that > forms part of a site be hosted on a different origin than any sensitive > content on that site. Untrusted content can easily spoof any other page > on the same origin, read data from that origin, cause scripts in that > origin to execute, submit forms to and from that origin even if they are > protected from cross-site request forgery attacks by unique tokens, and > make use of any third-party resources exposed to or rights granted to > that origin. > > Interoperability considerations: > Rules for processing both conforming and non-conforming content are > defined in the HTML5 specification. > > Published specification: > This HTML5 specification is the relevant specification. Labeling a > resource with the text/html type asserts that the resource is an HTML > document using the HTML syntax. > > Applications that use this media type: > Web browsers, tools for processing Web content, HTML authoring tools, > search engines, validators. > > Additional information: > Magic number(s): > No sequence of bytes can uniquely identify an HTML document. More > information on detecting HTML documents is available in the Media Type > Sniffing specification. > > File extension(s): > "html" and "htm" are commonly, but certainly not exclusively, used as > the extension for HTML documents. > > Macintosh file type code(s): > TEXT > > Person & email address to contact for further information: > Michael[tm] Smith <mike@w3.org> > > Intended usage: > Common > > Restrictions on usage: > No restrictions apply. > > Author: > Ian Hickson <ian@hixie.ch> > > Change controller: > W3C > > Fragment identifiers used with text/html resources either refer to the > indicated part of the document or provide state information for in-page > scripts. > --------------------------------------------------------------------------- > > -- > Michael[tm] Smith http://people.w3.org/mike > _______________________________________________ > ietf-types mailing list > ietf-types@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-types
- Re: [ietf-types] Update to text/html registration Ned Freed
- Re: [ietf-types] Update to text/html registration Michael[tm] Smith
- [ietf-types] Update to text/html registration Michael[tm] Smith
- Re: [ietf-types] Update to text/html registration Paul Libbrecht
- Re: [ietf-types] Update to text/html registration Mark Baker
- Re: [ietf-types] Update to text/html registration Michael[tm] Smith
- Re: [ietf-types] Update to text/html registration Michael[tm] Smith
- Re: [ietf-types] Update to text/html registration Ned Freed
- Re: [ietf-types] Update to text/html registration Ned Freed
- Re: [ietf-types] Update to text/html registration Julian Reschke
- Re: [ietf-types] Update to text/html registration Michael[tm] Smith
- Re: [ietf-types] Update to text/html registration Paul Libbrecht
- Re: [ietf-types] Update to text/html registration Ned Freed
- Re: [ietf-types] Update to text/html registration Julian Reschke
- Re: [ietf-types] Update to text/html registration Ian Hickson
- Re: [ietf-types] Update to text/html registration Julian Reschke
- Re: [ietf-types] Update to text/html registration Ian Hickson