Excerpts from direct: 31-Oct-91 Re: trojan horses in RFC XX.. Keith
Moore(_at_)cs(_dot_)utk(_dot_)edu (1574)
I realize it might take some careful analysis to identify the "safe"
subsets of postscript, tex, troff, or whatever. But I don't think we
can ignore the issue.
In fact, I suspect you will have to have full parsers (and in
PostScript's case, possibly a full interpreter) to be able to check this
"safe subset". I doubt that it is possible, in the context and
timeframe of RFC-XXXX, to identify safe subsets of these reasonably
complicated languages, and propose some mechanism for implementors of
UA's to follow. It may only be possible to say: richtext and
audio/basic and gif are safe; use the rest at your peril.
Bill