David Powell wrote:
Assuming that the document's /html/head section is irrelevant and
discarding it, even when the publisher has specifically used non-core
types to send the full document, is second-guessing the user though.

Fair enough, but you could also say that anyone filtering out javascript and potentially harmful css is also second-guessing the publisher. Maybe they specifically wanted to annoy the user with a platypus attack or some such thing. If that's second-guessing then I'm all for it. What you're suggesting is kind of like having virus checking in your email that can be disabled by sending a message with a particular header.

It's always possible to add a save menu that would allow the user to save the full unfiltered document (along with a security warning) or an option to turn off security filtering for those that like living on the edge, but IMO the users' security should come first. I appear to be in the minority here, but nobody has yet persuaded me that what I'm doing is a bad idea.

Eg: perhaps the publisher is attempting to send a HTML document that
they saved in Word, full of CSS styles, that is intended for printing. [*]

If you need to include a document in full and unfiltered, the most sensible thing to do is add an enclosure or just a simple <a href>. That's the most direct route you can get from yourself to the user and you don't have to worry about gateways that might be converting from Atom to RSS, transcoders converting from UTF8 to GB2312, or security-conscious aggregators stripping your css.

I agree that how you display such content is just an implementation
choice, but if the publisher has specifically used a non-core type to
label content, I think it is a better choice to just treat the content
identically to any other non-core type, and probably display a
download link.

Well I would display all non-core types inline if I could. I certainly display text/html and text/plain inline. When I get a chance I'll do the image/* types inline too. If possible I'd like to handle things like pdf, word and excel if there are plugins available. So technically I *am* treating the content identically to other non-core types. Displaying a download link would be the exception rather than the rule.

Regards
James
