Eric Scheid wrote:
On 29/10/05 1:34 AM, "James M Snell" <[EMAIL PROTECTED]> wrote:
Some leakage could occur in those cases but is it severe
enough that we have to strictly regulate it?
what default do we want
1) leakage might occur if things not understood
2) leakage only when specified and when understood
the latter is more predictable.
the former tends to be more in line with the way things work on the Web
today. For instance, if I try to serve up a ruby rhtml in a webapp that
is not configured to understand ruby, I'm quite likely to end up seeing
the ruby code leak out to my browser [1]. There is no expectation that
the server is required to strip out what it does not understand.
[1] http://www.snellspace.com/public/test.rhtml
- James
