The real killer is HTML
Posted Jun 30, 2004 15:16 UTC (Wed) by iabervon
In reply to: The real killer is HTML
Parent article: The Grumpy Editor's guide to graphical mail clients
For that matter, executable code, hidden links and text, and display outside of the message area should be prohibited in web browsers as well. Why should the web be any less safe than our mailboxes?
I think HTML really ought to have three levels of functionality: non-interactive documents, documents you interact with in browser-controlled ways (forms), and documents with executable portions (scripts). Only the first of these should count as "text/html", since the others do not fit the definition of "text/*". Probably there ought to be MIME media types added for "form" and "script" (and, while we're at it, "style").
HTML isn't really all that complicated if you force documents to be non-interactive, particularly now that experience with XML parsers has elucidated the proper representation for parsed documents. (SGML/HTML being essentially XML damaged in recoverable ways, and parsable by an XML parser that's willing to be not too picky.)
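An added example, not part of the original comment: a sketch of how a mail client or filter could sort an HTML body into the three levels the comment proposes (non-interactive document, form, script) using Python's tolerant `html.parser`. The tag and attribute sets, the level names and the function names are assumptions made for this illustration.

```python
from html.parser import HTMLParser

# Assumed tag/attribute sets; the comment names the three levels, not the tags.
FORM_TAGS = {"form", "input", "button", "select", "textarea", "option"}
SCRIPT_TAGS = {"script", "object", "embed", "applet", "iframe"}
URL_ATTRS = {"href", "src", "action", "formaction"}
LEVELS = ["document", "form", "script"]  # ordered least to most capable

class LevelClassifier(HTMLParser):
    """Tolerant tag-soup scan recording the highest capability level seen."""
    def __init__(self):
        super().__init__()
        self.level, self.reasons = 0, []

    def _raise(self, level, reason):
        self.level = max(self.level, level)
        self.reasons.append(reason)

    def handle_starttag(self, tag, attrs):
        if tag in SCRIPT_TAGS:
            self._raise(2, f"<{tag}>")
        elif tag in FORM_TAGS:
            self._raise(1, f"<{tag}>")
        for name, value in attrs:
            # The parser has already decoded character references; also drop
            # whitespace/control characters before comparing the URL scheme.
            v = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self._raise(2, f"{name}= on <{tag}>")
            elif name in URL_ATTRS and v.startswith(("javascript:", "vbscript:")):
                self._raise(2, f"script URL in {name}= on <{tag}>")

def classify(html_text):
    """Return (level_name, reasons) for one HTML body."""
    parser = LevelClassifier()
    parser.feed(html_text)
    parser.close()
    return LEVELS[parser.level], parser.reasons

def acceptable_as_text_html(html_text):
    """The comment's policy: only non-interactive documents count as text/html."""
    return classify(html_text)[0] == "document"

# Constructed sample bodies, not taken from the page.
SAMPLES = {
    "plain": "<p>Hello <b>world<p>unclosed tags are fine",
    "form": '<FORM action="/subscribe"><input name=email></FORM>',
    "handler": '<img src="x.png" onload="track()">',
    "script_url": '<a href="java&#115;cript:void(0)">link</a>',
}
```

The tag lists are deliberately short; a filter meant for real mail would work from an allowlist of permitted elements and attributes rather than a list of known interactive ones.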