[Standards-JIG] JEP-0071: image security considerations

Peter Saint-Andre stpeter at jabber.org
Mon Jun 5 15:08:12 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nolan Eakins wrote:
> Peter Saint-Andre wrote:
>>> Because of security concerns related to images, an implementation MAY
>>> choose not to show images but instead show only the 'alt' text, and MUST
>>> enable a human user to disable the showing of images.
>>>
>>> ***
>>>
>>> Thoughts?
> 
> Should JEPs be limited to only describing the protocol and not a
> client's UI? I'm not going to check, but I would imagine that the HTML
> specs don't specify that the user should be able to disable images even
> though typical browsers allow that.
> 
> My opinion is that JEPs that describe protocols should only describe
> protocols. I'll leave it for another discussion as to whether or not we
> want to standardize UIs.

The fact that the W3C's HTML/XHTML specifications contain weak security
consideration sections is no reason for the JSF's specifications to be
written in that way.

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEhEjcNF1RSzyt3NURAtzzAJ9nFRIf2khYrX36lzptP3fSGEukIgCgt+K6
jr+avfwhq/WvHyl5YYr+cvU=
=yWAK
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060605/f33b816c/attachment.bin>


More information about the Standards mailing list