* Liam Quin wrote:
I.2 Registration of MIME Media Type application/xquery
Optional parameters: charset
The syntax of XQuery is expressed in Unicode but may be written with any
Unicode-compatible character encoding, including UTF-8 or UTF-16, or
transported as US-ASCII or Latin-1 with Unicode characters outside the
range of the given encoding represented using an XML-style ෝ
syntax.
If an XQuery document contains an encoding declaration, it overrides the
default encoding specified by the MIME charset parameter.
That's inconsistent with pretty much all other media types that allow a
charset parameter. What's the point of having a charset parameter here?
I.5 Charset Default Rules
XQuery documents use the Unicode character set and, by default, the
UTF-8 encoding.
That's incorrect then, it defaults to the character encoding specified
in the charset parameter (which then defaults to UTF-8).
I.6 Security Considerations
Queries written in XQuery may cause arbitrary URIs to be dereferenced.
Therefore, the security issues of [Uniform Resource Locators (URL)]
Section 6 should be considered. In addition, the contents of file: URIs
can in some cases be accessed, processed and returned as results.
Furthermore, because the XQuery language permits extensions, it is
possible that application/xquery may describe content that has security
implications beyond those described here.
The XML Query Working group is working on a facility to allow XQuery
expressions to be used to create and update persistent data. Untrusted
queries should not be given write access to data.
Compared to http://www.ietf.org/rfc/rfc2046.txt section 4.5.2 this seems
very incomplete...
**** Registration for application/xquery+xml also at [4]
C The application/xquery+xml Media Type (Non-Normative)
Non-Normative? Is there a normative version of this text?
--
Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de ·
http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/