On 16 Jul 2000, at 11:52, Tom Neff wrote:
> Joe Smith <[EMAIL PROTECTED]> wrote:
> > On Wed, Jul 12, 2000 at 01:45:26PM -0400, Tom Neff wrote:
> > > I disagree, because MLM authors have a duty to avoid relying on
> > > dangerous syntaxes like BestServ's pointy-delimited ID string.
> >
> > What exactly is dangerous about angle brackets <> in the Subject: line?
>
> This was already explained, but to recap, some mail clients (notably various
> versions of AOL) will interpret HTML tags when displaying Subject (and
> possibly other) email headers. The potential effects range from visual
> annoyance to actual malicious behavior on the user's PC (see the February
> CERT advisory).

And you're telling me that because some mail clients have implemented
this *IMPROPER* behavior, _everyone_ is now obligated not to send a
message with a Subject: header that might look like an HTML tag? If they
wanted to implement an encoding scheme [I forget the syntax but it is
what you're supposed to do to signal, e.g., ISO-Latin in the Subject],
that'd be one thing, but to unilaterally decide "Subject headers are now
considered to be HTML and you guys [all of you in the entire world]
better play along" strikes me that it should be *THEIR* problem, not
mine.

> As Adam Bailey points out, the Internet credo (honored in the breach by
> tiros) is liberal acceptance, conservative emission. In this case that
> means that what SHOULD happen is
> (a) email reading software should aggressively escape or "quote" HTML and
> similar markups found in incoming mail by default, rather than attempting to
> render them, except where the user has permitted otherwise;

What about something that might look like Postscript?? or LaTeX? or
Nroff? Perhaps we should ban *ALL* punctuation and _only_ permit
uppercase A-Z and spaces??? What if it looks like a little chunk of
something uuencoded or base64 encoded??

> In this case, AOL made a mistake in their email reader, to be sure, and
> they'll probably get around to fixing it, but it takes a long time to
> upgrade millions of members and we cannot afford to hold our breaths for the
> duration.

This is a different argument: this doesn't say we should do whatever-it-
was because it was prudent, but rather because the agents that broke
things (who *OUGHT* to be bearing the burden of putting things aright)
can't easily fix it and we have to cope and survive...

/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
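
Point (a) in the quoted text, escaping markup in incoming headers before display, sketched as an added example that is not part of the original thread. The function name and both sample messages are constructed for illustration; the Subject is decoded from the encoded-word syntax first, so markup that only appears after decoding is escaped too.

```python
import html
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Constructed sample messages (not taken from the thread).
SAMPLE_PLAIN = (
    "From: list@example.invalid\n"
    "Subject: <list-id-1234> Re: angle brackets\n"
    "\n"
    "body\n"
)
# Same idea, but the angle brackets are hidden inside an encoded-word.
SAMPLE_ENCODED = (
    "From: list@example.invalid\n"
    "Subject: =?iso-8859-1?q?=3Cb=3Ebold=3C/b=3E?=\n"
    "\n"
    "body\n"
)


def subject_for_html_display(raw_message: str) -> str:
    """Return the Subject as text that is safe to place inside an HTML page."""
    msg = message_from_string(raw_message)
    raw_subject = msg.get("Subject", "")

    # Decode encoded-words before escaping: escaping the raw header first
    # would leave '<' and '>' that only exist after decoding untouched.
    try:
        decoded = str(make_header(decode_header(raw_subject)))
    except (LookupError, UnicodeError, HeaderParseError):
        # Unknown charset or malformed encoding: fall back to the raw text,
        # which is still escaped below.
        decoded = raw_subject

    # Replace control characters (including folded-header newlines) with spaces.
    cleaned = "".join(ch if ch.isprintable() else " " for ch in decoded)

    # Treat the header as plain text: never render it, always escape it.
    return html.escape(cleaned, quote=True)


if __name__ == "__main__":
    print(subject_for_html_display(SAMPLE_PLAIN))
    print(subject_for_html_display(SAMPLE_ENCODED))
```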