On Thu, 4 May 2023 at 15:06, <[email protected]> wrote: > Version 0.1.0 of XEP-0481 (Content Types in Messages) has been > released. >
This is weirdly horrible. * First and foremost, it falls into a general trap that's open to abuse by malicious actors, by having a message whose content will be interpreted differently by different clients. This has been used by spammers and as a malware vector for decades. * Secondly, it has a weird edge case where a zero-length encoding of some data means by implication that the main body has that encoding; but otherwise it's assumed to be text/plain. * Thirdly, there's no content encoding, so it limits itself to being used for content types which can be inserted into a CDATA section. The XML example is spectacularly horrible as a result - imagine an XML-native transport layer that has to encode XML? Dave.
_______________________________________________ Standards mailing list -- [email protected] Info: Unsubscribe: %(real_name)s-unsubscribe@%(host_name)s _______________________________________________
