ietf-xml-mime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

2005-04-07 13:28:41
from [Bjoern Hoehrmann] [Permanent Link] 

* Liam Quin wrote:

I.2 Registration of MIME Media Type application/xquery



Optional parameters: charset

The syntax of XQuery is expressed in Unicode but may be written with any
Unicode-compatible character encoding, including UTF-8 or UTF-16, or
transported as US-ASCII or Latin-1 with Unicode characters outside the
range of the given encoding represented using an XML-style &#xddd;
syntax.



If an XQuery document contains an encoding declaration, it overrides the
default encoding specified by the MIME charset parameter.


That's inconsistent with pretty much all other media types that allow a
charset parameter. What's the point of having a charset parameter here?


I.5 Charset Default Rules

XQuery documents use the Unicode character set and, by default, the
UTF-8 encoding.


That's incorrect then, it defaults to the character encoding specified
in the charset parameter (which then defaults to UTF-8).


I.6 Security Considerations

Queries written in XQuery may cause arbitrary URIs to be dereferenced.
Therefore, the security issues of [Uniform Resource Locators (URL)]
Section 6 should be considered. In addition, the contents of file: URIs
can in some cases be accessed, processed and returned as results.

Furthermore, because the XQuery language permits extensions, it is
possible that application/xquery may describe content that has security
implications beyond those described here.

The XML Query Working group is working on a facility to allow XQuery
expressions to be used to create and update persistent data. Untrusted
queries should not be given write access to data.


Compared to http://www.ietf.org/rfc/rfc2046.txt section 4.5.2 this seems
very incomplete...


**** Registration for application/xquery+xml also at [4]

C The application/xquery+xml Media Type (Non-Normative)


Non-Normative? Is there a normative version of this text?
-- 
Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de · 
http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  W3C Last Call and Media Type request for comments: XQuery and XQueryX, Liam Quin
Next by Date:  RE: W3C Last Call and Media Type request for comments: XQuery andXQueryX, Larry Masinter
Previous by Thread:  W3C Last Call and Media Type request for comments: XQuery and XQueryX, Liam Quin
Next by Thread:  Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX, Liam Quin
Indexes:  [Date] [Thread] [Top] [All Lists]