IETF Logo Mail Archive

Re: [ietf-types] Update to text/html registration

Paul Libbrecht <paul@hoplahup.net> Tue, 07 August 2012 13:14 UTC

Return-Path: <paul@hoplahup.net>
X-Original-To: ietf-types@ietfa.amsl.com
Delivered-To: ietf-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1804621F86D1 for <ietf-types@ietfa.amsl.com>; Tue, 7 Aug 2012 06:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ySN13OjlBhD7 for <ietf-types@ietfa.amsl.com>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9]) by ietfa.amsl.com (Postfix) with ESMTP id 5773821F86B4 for <ietf-types@ietf.org>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from [192.168.178.43] (p5DDEC306.dip0.t-ipconnect.de [93.222.195.6]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0Mgrky-1TKmjs3e7M-00MZeh; Tue, 07 Aug 2012 15:14:37 +0200
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="iso-8859-1"
From: Paul Libbrecht <paul@hoplahup.net>
In-Reply-To: <20120807111647.GB67292@sideshowbarker>
Date: Tue, 07 Aug 2012 15:14:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D0209276-1489-4A26-BFD8-4EB52957FBE3@hoplahup.net>
References: <20120807111647.GB67292@sideshowbarker>
To: Michael
X-Mailer: Apple Mail (2.1084)
X-Provags-ID: V02:K0:egVbsmX/LsrWCNUVjlSu88KP0PU7Ut4RO5kcYilUYU9 bnSTsUic1EB+6XcfK2Lj8ZgpmA8UcB62VRD0ws7RUhWfW7LIXa Lgh+NVzd5wX2Zms0U1CyO8kuxCcRnbySLs1WjtItptAkN0QTzw 1n5ADpJHFYl0fdu/uayeYiSxScMt8/kMlubgse7lcAcP5YZOio AxuN0GUFvGOH3853nq5m9osUny2BLIgJi7s1M2psoZ/Ey1EnjY CLF/e6smse9EiZQbMC8PSPHIJ9VHYTTHTamwAHT+y5jSKJmf34 D51czkduRh6PpBJFmtH/mqWGIHDh8D6bNPvELFWL2y0pki+PoE 5qsb0zIWDLXgWVZd56DBWby/hE1gzSQndOrkukhD7IntNb25Rd OWSvVo4g8MHxQ==
Cc: ietf-types@ietf.org
Subject: Re: [ietf-types] Update to text/html registration
X-BeenThere: ietf-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Media \(MIME\) type review" <ietf-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-types>
List-Post: <mailto:ietf-types@ietf.org>
List-Help: <mailto:ietf-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 13:14:42 -0000

Michael,

HTML is very commonly exchanged over clipboards in widespread operating systems.
Could I suggest that you enrich the registrations of html and xhtml so that you include two fields with
- Windows Clipboard Flavor Name
- Macintosh Uniform Type Identifier
This way platforms, which mostly already define these types, would do so based on an open standard.

I can try to research the possible values if you want.
I am not sure about the multipart media type but I suspect this would also be welcome (maybe for html with attached objects?).

Paul

PS: I feel the Macintosh file type code is obsolete and unused.


Le 7 août 2012 à 13:16, Michael[tm] Smith a écrit :

> Please update the registration for the text/html media type to reference
> the HTML5 specification instead of RFC 2854.
> 
>  http://www.w3.org/TR/html5/iana.html#text-html
> 
> ---------------------------------------------------------------------------
> Type name:
>  text
> 
> Subtype name:
>  html
> 
> Required parameters:
>  No required parameters
> 
> Optional parameters:
>  charset
>    The charset parameter may be provided to definitively specify the
>    document's character encoding, overriding any character encoding
>    declarations in the document. The parameter's value must be the name of
>    the character encoding used to serialize the file, must be a valid
>    character encoding name, and must be an ASCII case-insensitive match
>    for the preferred MIME name for that encoding. [IANACHARSET]
> 
> Encoding considerations:
>  8bit (see the section on character encoding declarations)
> 
> Security considerations:
>  Entire novels have been written about the security considerations that
>  apply to HTML documents. Many are listed in this document, to which the
>  reader is referred for more details. Some general concerns bear
>  mentioning here, however:
> 
>  HTML is scripted language, and has a large number of APIs (some of which
>  are described in this document). Script can expose the user to potential
>  risks of information leakage, credential leakage, cross-site scripting
>  attacks, cross-site request forgeries, and a host of other problems.
>  While the designs in this specification are intended to be safe if
>  implemented correctly, a full implementation is a massive undertaking
>  and, as with any software, user agents are likely to have security bugs.
> 
>  Even without scripting, there are specific features in HTML which, for
>  historical reasons, are required for broad compatibility with legacy
>  content but that expose the user to unfortunate security problems. In
>  particular, the img element can be used in conjunction with some other
>  features as a way to effect a port scan from the user's location on the
>  Internet. This can expose local network topologies that the attacker
>  would otherwise not be able to determine.
> 
>  HTML relies on a compartmentalization scheme sometimes known as the
>  same-origin policy. An origin in most cases consists of all the pages
>  served from the same host, on the same port, using the same protocol.
> 
>  It is critical, therefore, to ensure that any untrusted content that
>  forms part of a site be hosted on a different origin than any sensitive
>  content on that site. Untrusted content can easily spoof any other page
>  on the same origin, read data from that origin, cause scripts in that
>  origin to execute, submit forms to and from that origin even if they are
>  protected from cross-site request forgery attacks by unique tokens, and
>  make use of any third-party resources exposed to or rights granted to
>  that origin.
> 
> Interoperability considerations:
>  Rules for processing both conforming and non-conforming content are
>  defined in the HTML5 specification.
> 
> Published specification:
>  This HTML5 specification is the relevant specification. Labeling a
>  resource with the text/html type asserts that the resource is an HTML
>  document using the HTML syntax.
> 
> Applications that use this media type:
>  Web browsers, tools for processing Web content, HTML authoring tools,
>  search engines, validators.
> 
> Additional information:
>  Magic number(s):
>    No sequence of bytes can uniquely identify an HTML document. More
>    information on detecting HTML documents is available in the Media Type
>    Sniffing specification.
> 
>    File extension(s):
>      "html" and "htm" are commonly, but certainly not exclusively, used as
>      the extension for HTML documents.
> 
>    Macintosh file type code(s):
>      TEXT
> 
> Person & email address to contact for further information:
>   Michael[tm] Smith <mike@w3.org>
> 
> Intended usage:
>  Common
> 
> Restrictions on usage:
>  No restrictions apply.
> 
> Author:
>  Ian Hickson <ian@hixie.ch>
> 
> Change controller:
>  W3C
> 
> Fragment identifiers used with text/html resources either refer to the
> indicated part of the document or provide state information for in-page
> scripts.
> ---------------------------------------------------------------------------
> 
> -- 
> Michael[tm] Smith http://people.w3.org/mike
> _______________________________________________
> ietf-types mailing list
> ietf-types@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-types

v2.23.0 | Report a Bug | By Email