Subject: Re: IESG expert review for the registration request "xliff+xml"
Hi David, all, below is some input.
Would write here: "Identical to those of "application/xml" as described in IETF RFC 3023, section 3.2, as applied to an XLIFF document."
I would write here: „An XLIFF document may cause arbitrary URIs or IRIs to be dereferenced, via the @@@ add here attributes that allow dereferencing @@@. Therefore, the security issues of [RFC 3987] Section 8 should be considered. In addition, the contents of resources identified by file: URIs can in some cases be accessed, processed and returned as results. Arbitrary recursion is possible, as is arbitrarily large memory usage, and implementations may place limits on CPU and memory usage, as well as restricting access to system-defined functions. XLIFF permits extensions. Hence it is possible that application/xliff+xml may describe content that has security implications beyond those described here.“

This is based on the ITS 2.0 media type registration which was accepted, so it should be OK. You need to fill in one blank.

Best,
Felix