Re: [ietf-types] Update to text/html registration

Paul Libbrecht <> Tue, 07 August 2012 13:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1804621F86D1 for <>; Tue, 7 Aug 2012 06:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ySN13OjlBhD7 for <>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5773821F86B4 for <>; Tue, 7 Aug 2012 06:14:40 -0700 (PDT)
Received: from [] ( []) by (node=mreu1) with ESMTP (Nemesis) id 0Mgrky-1TKmjs3e7M-00MZeh; Tue, 07 Aug 2012 15:14:37 +0200
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="iso-8859-1"
From: Paul Libbrecht <>
In-Reply-To: <20120807111647.GB67292@sideshowbarker>
Date: Tue, 07 Aug 2012 15:14:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <20120807111647.GB67292@sideshowbarker>
To: Michael
X-Mailer: Apple Mail (2.1084)
X-Provags-ID: V02:K0:egVbsmX/LsrWCNUVjlSu88KP0PU7Ut4RO5kcYilUYU9 bnSTsUic1EB+6XcfK2Lj8ZgpmA8UcB62VRD0ws7RUhWfW7LIXa Lgh+NVzd5wX2Zms0U1CyO8kuxCcRnbySLs1WjtItptAkN0QTzw 1n5ADpJHFYl0fdu/uayeYiSxScMt8/kMlubgse7lcAcP5YZOio AxuN0GUFvGOH3853nq5m9osUny2BLIgJi7s1M2psoZ/Ey1EnjY CLF/e6smse9EiZQbMC8PSPHIJ9VHYTTHTamwAHT+y5jSKJmf34 D51czkduRh6PpBJFmtH/mqWGIHDh8D6bNPvELFWL2y0pki+PoE 5qsb0zIWDLXgWVZd56DBWby/hE1gzSQndOrkukhD7IntNb25Rd OWSvVo4g8MHxQ==
Subject: Re: [ietf-types] Update to text/html registration
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Media \(MIME\) type review" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Aug 2012 13:14:42 -0000


HTML is very commonly exchanged over clipboards in widespread operating systems.
Could I suggest that you enrich the registrations of html and xhtml so that you include two fields with
- Windows Clipboard Flavor Name
- Macintosh Uniform Type Identifier
This way platforms, which mostly already define these types, would do so based on an open standard.

I can try to research the possible values if you want.
I am not sure about the multipart media type but I suspect this would also be welcome (maybe for html with attached objects?).


PS: I feel the Macintosh file type code is obsolete and unused.

Le 7 août 2012 à 13:16, Michael[tm] Smith a écrit :

> Please update the registration for the text/html media type to reference
> the HTML5 specification instead of RFC 2854.
> ---------------------------------------------------------------------------
> Type name:
>  text
> Subtype name:
>  html
> Required parameters:
>  No required parameters
> Optional parameters:
>  charset
>    The charset parameter may be provided to definitively specify the
>    document's character encoding, overriding any character encoding
>    declarations in the document. The parameter's value must be the name of
>    the character encoding used to serialize the file, must be a valid
>    character encoding name, and must be an ASCII case-insensitive match
>    for the preferred MIME name for that encoding. [IANACHARSET]
> Encoding considerations:
>  8bit (see the section on character encoding declarations)
> Security considerations:
>  Entire novels have been written about the security considerations that
>  apply to HTML documents. Many are listed in this document, to which the
>  reader is referred for more details. Some general concerns bear
>  mentioning here, however:
>  HTML is scripted language, and has a large number of APIs (some of which
>  are described in this document). Script can expose the user to potential
>  risks of information leakage, credential leakage, cross-site scripting
>  attacks, cross-site request forgeries, and a host of other problems.
>  While the designs in this specification are intended to be safe if
>  implemented correctly, a full implementation is a massive undertaking
>  and, as with any software, user agents are likely to have security bugs.
>  Even without scripting, there are specific features in HTML which, for
>  historical reasons, are required for broad compatibility with legacy
>  content but that expose the user to unfortunate security problems. In
>  particular, the img element can be used in conjunction with some other
>  features as a way to effect a port scan from the user's location on the
>  Internet. This can expose local network topologies that the attacker
>  would otherwise not be able to determine.
>  HTML relies on a compartmentalization scheme sometimes known as the
>  same-origin policy. An origin in most cases consists of all the pages
>  served from the same host, on the same port, using the same protocol.
>  It is critical, therefore, to ensure that any untrusted content that
>  forms part of a site be hosted on a different origin than any sensitive
>  content on that site. Untrusted content can easily spoof any other page
>  on the same origin, read data from that origin, cause scripts in that
>  origin to execute, submit forms to and from that origin even if they are
>  protected from cross-site request forgery attacks by unique tokens, and
>  make use of any third-party resources exposed to or rights granted to
>  that origin.
> Interoperability considerations:
>  Rules for processing both conforming and non-conforming content are
>  defined in the HTML5 specification.
> Published specification:
>  This HTML5 specification is the relevant specification. Labeling a
>  resource with the text/html type asserts that the resource is an HTML
>  document using the HTML syntax.
> Applications that use this media type:
>  Web browsers, tools for processing Web content, HTML authoring tools,
>  search engines, validators.
> Additional information:
>  Magic number(s):
>    No sequence of bytes can uniquely identify an HTML document. More
>    information on detecting HTML documents is available in the Media Type
>    Sniffing specification.
>    File extension(s):
>      "html" and "htm" are commonly, but certainly not exclusively, used as
>      the extension for HTML documents.
>    Macintosh file type code(s):
>      TEXT
> Person & email address to contact for further information:
>   Michael[tm] Smith <>
> Intended usage:
>  Common
> Restrictions on usage:
>  No restrictions apply.
> Author:
>  Ian Hickson <>
> Change controller:
>  W3C
> Fragment identifiers used with text/html resources either refer to the
> indicated part of the document or provide state information for in-page
> scripts.
> ---------------------------------------------------------------------------
> -- 
> Michael[tm] Smith
> _______________________________________________
> ietf-types mailing list