On Wed, 20 Oct 1999 08:29:36 PDT, "Jeff Stephenson (Exchange)"
<jeffstep(_at_)EXCHANGE(_dot_)MICROSOFT(_dot_)com> said:
between text/html and application/html. I'm certainly not going to forgo a
sandbox just because the (possibly malicious) sender says "trust me - this
is static content". Since there would be no change in behavior, I don't see
why a distinction would be useful.
The distinction is useful in that if it says up front "I have active content",
I can say "forget this, I'm not launching an HTML viewer" and skip all the
resource expense of finding out that it is/isnt static content.
Would there be more support for a parameter on the text/html, specifying
what active features, if any, were included?
Note that I am *NOT* denying that the HTML viewer will need to be sandboxed.
What I want is a way up front for the HTML to say "I will try to do at least
THIS much, don't bother if you're not willing". Note that this *DOES* have
implications for display for a multipart/alternative - I've gotten more than
one piece of mail that had both text/html and text/plain, where the HTML
was chosen but was then failed by the HTML viewer - if it had been tagged
correctly, my MUA could have gone straight to text/plain.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgpn5GjcvuFoT.pgp
Description: PGP signature