Follow up: How to write a Linux virus

> But HTML, PostScript, PDF and media files are content files.
> .desktop files should really be treated as scripts because that's exactly what they are.

Do I need this feature at all? Sounds like something I would prefer totally disabled. If the DE is allowing scripts to masquerade as content, then it's a bug, and if the DE relies on arbitary code execution scripts to function it appears to me to be poor design.

The problem is, how do you avoid content file formats being extended, with facilities like scripting?

Relying on user's not being gullible to avoid giving execute permission, is of limited value. The real problem goes deeper, hence the discussion of sand-boxing.

The data is tainted, the way to untaint it is via validation by trusted code.