RE: html and active content.

a) too widely deployed, too late to change
b) nobody is going to bother scanning .HTM files to see whether
   they have active content
c) the recipient needs the sandbox in both cases anyway

Keith


I think all Keith's comments are relevant, but especially (c): I just don't
see how the receiving MUA would change its behavior based on the difference
between text/html and application/html.  I'm certainly not going to forgo a
sandbox just because the (possibly malicious) sender says "trust me - this
is static content".  Since there would be no change in behavior, I don't see
why a distinction would be useful.

-- jeff

<Prev in Thread]	Current Thread	[Next in Thread>
html and active content., Valdis . Kletnieks Re: html and active content., Keith Moore Re: html and active content., Daniel Glazman RE: html and active content., Jeff Stephenson (Exchange) <= Re: html and active content., Valdis . Kletnieks RE: html and active content., Rick Troth

Previous by Date:	Re: html and active content., Daniel Glazman
Next by Date:	Re: html and active content., Valdis . Kletnieks
Previous by Thread:	Re: html and active content., Daniel Glazman
Next by Thread:	Re: html and active content., Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]