IETF Logo Mail Archive

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

Liam Quin <liam@w3.org> Mon, 11 July 2005 15:17 UTC

Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6BFHQCV055178; Mon, 11 Jul 2005 08:17:26 -0700 (PDT) (envelope-from owner-ietf-xml-mime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j6BFHQ6O055177; Mon, 11 Jul 2005 08:17:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-xml-mime@mail.imc.org using -f
Received: from homer.w3.org (homer.w3.org [128.30.52.30]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6BFHPV2055170 for <ietf-xml-mime@imc.org>; Mon, 11 Jul 2005 08:17:25 -0700 (PDT) (envelope-from liam@w3.org)
Received: by homer.w3.org (Postfix, from userid 16040) id 6FD124F061; Mon, 11 Jul 2005 11:17:24 -0400 (EDT)
Date: Mon, 11 Jul 2005 11:17:24 -0400
From: Liam Quin <liam@w3.org>
To: John Cowan <jcowan@reutershealth.com>
Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
Subject: Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX
Message-ID: <20050711151724.GC5665@w3.org>
References: <425e9d44.15417140@smtp.bjoern.hoehrmann.de> <20050517180227.GA10669@w3.org> <20050519101540.67F4.MURATA@hokkaido.email.ne.jp> <20050519143859.GA27635@w3.org> <20050519174534.GD2322@skunk.reutershealth.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <20050519174534.GD2322@skunk.reutershealth.com>
X-Feet: bare, comfortable. happy and free!
User-Agent: Mutt/1.5.9i
Sender: owner-ietf-xml-mime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-xml-mime/mail-archive/>
List-ID: <ietf-xml-mime.imc.org>
List-Unsubscribe: <mailto:ietf-xml-mime-request@imc.org?body=unsubscribe>

On Thu, May 19, 2005 at 01:45:35PM -0400, John Cowan wrote:
> Liam Quin scripsit:
>>  Interchange of a database query language over the Web in its own
>>  Internet Type is likely for machine execution or to interchange
>>  files, not for reading by humans, as then text/plain might be
>>  more appropriate... but this is conjecture on my part right now.
> 
> FWIW, I think this is a Bad Thing.  Programming language content should
> go in text/plain files (despite the nasty problem with the encoding
> type imposed by text/*), so as to *discourage* browsers from attempting
> to execute them, which is a big fat security hole.

Execution of a query in this context could better be written as
evaluation of an expression; the side-effects in XQuery are very
limited, although I agree that whenever code is executed remotely
there are some serious security concerns.

> The use of text/css in HTML link elements and XML stylesheet PIs is
> essentially a hack so that browsers can decide whether to fetch the
> stylesheet, and is not consistent with the intention of IETF media
> types, which are designed to specify a minimal mapping from raw
> octets to interpretable objects such as characters or pixels.

I think this is a different case -- tect/css is a subsidiary document,
and the "type=" pseudo-attribute in a processing instruction is only
(I believe) there because the work predated widespread adoption of
XML namespaces.

Here, the XML Query document is likely to be the primary object
of transfer, not a subsidiary that applies to something else.

> Unless it was by accident that I had            John Cowan
> offended someone, I never apologized.           jcowan@reutershealth.com
>         --Quentin Crisp                         http://www.ccil.org/~cowan

Oh to be on the same page as Quentin Crisp, there can be
no higher honour!

Liam

-- 
Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/
http://www.holoweb.net/~liam/

v2.23.0 | Report a Bug | By Email