[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shower thought: submit an IETF RFC to register Org as a MIME type
From: |
Andrea |
Subject: |
Re: Shower thought: submit an IETF RFC to register Org as a MIME type |
Date: |
Thu, 24 Sep 2020 22:25:04 +0200 |
User-agent: |
mu4e 1.2.0; emacs 26.3 |
Hi,
What are the pros?
About the cons: maybe we need to look more into the requirements.
I am looking at https://tools.ietf.org/html/rfc2048 and the one that
concerns me a little is 2.2.6: I guess somebody would need to write a
bit of docs about security concerns. Or you can go the way Markdown did
it: from https://tools.ietf.org/html/rfc7763#section-2
"Security considerations:
Markdown interpreted as plain text is relatively harmless. A text
editor need only display the text. The editor SHOULD take care to
handle control characters appropriately and to limit the effect of
the Markdown to the text-editing area itself; malicious Unicode-
based Markdown could, for example, surreptitiously change the
directionality of the text. An editor for normal text would
already take these control characters into consideration, however.
Markdown interpreted as a precursor to other formats, such as
HTML, carries all of the security considerations as the target
formats. For example, HTML can contain instructions to execute
scripts, redirect the user to other web pages, download remote
content, and upload personally identifiable information. Markdown
also can contain islands of formal markup, such as HTML. These
islands of formal markup may be passed as they are, transformed,
or ignored (perhaps because the islands are conditional or
incompatible) when the Markdown is processed. Since Markdown may
have different interpretations depending on the tool and the
environment, a better approach is to analyze (and sanitize or
block) the output markup, rather than attempting to analyze the
Markdown.
"
Do they have an org-babel?
Thanks,
Andrea