Expanded registrations for KOffice mime types
Marc Mutz
mutz at kde.org
Thu May 23 23:54:18 BST 2002
On Thursday 23 May 2002 23:42, Nicolas Goutte wrote:
> I am sorry to be picky again!
You're welcome... ;-)
> "ZIP archives, XML files and supported image files"
>
> Do WMF (Windows Meta Files) count as images too? What is the security
> status of those?
>
> As far as I know, KPresenter is prepared to have sound files. This
> should perhaps be noted too, shouldn't it?
<snip>
> On Thursday 23 May 2002 21:36, Marc Mutz wrote:
> (...)
> > As of this writing, KWord documents do not contain any
> > active content. As such, it is believed that usage of this mimetype
> > does not introduce security concerns other than those already
> > inherent in ZIP archives, XML files and supported image files.
> (...)
Hmm, of course. There opens a can of worms:
What about e.g. SVG images with embedded JavaScript? How do you want to
handle those? Allow it? Ignore the JavaScript? Strip it off before
including it in the KApp document?
More generally: Is there a KOffice policy regarding external content
that may have embedded active content? (PostScript is known to be able
to do nasty things like IIRC accessing the local file system when
interpreted)
Marc
--
Marc Mutz <mutz at kde.org>
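The "strip it off before including it" option raised in the message above, sketched as an added example (not part of the original mail and not KOffice code). The function names and the sample SVG are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an SVG carrying script in three different places.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script type="text/javascript">function init() {}</script>
  <a xlink:href="javascript:init()"><rect width="10" height="10"/></a>
  <circle r="5" onclick="init()"/>
</svg>"""


def local(name):
    """Lower-cased tag/attribute name without its '{namespace}' prefix."""
    return name.rsplit("}", 1)[-1].lower()


def strip_active_content(svg_text):
    """Return (cleaned_svg, findings) for one SVG image to be embedded.

    This is a denylist of the obvious script carriers; a stricter policy
    would keep only an allowlist of known-passive elements and attributes.
    """
    # Refuse DTDs outright so entity tricks never reach the parser.
    if "<!doctype" in svg_text.lower():
        raise ValueError("DOCTYPE not allowed in embedded SVG")
    root = ET.fromstring(svg_text)
    findings = []
    # 1. Drop <script> elements in any namespace (SVG, or XHTML in foreignObject).
    for parent in list(root.iter()):
        for child in list(parent):
            if local(child.tag) == "script":
                parent.remove(child)
                findings.append("script")
    # 2. Drop event-handler attributes and javascript: links.
    for el in root.iter():
        for attr in list(el.attrib):
            name = local(attr)
            # Remove whitespace so a value split across lines is caught too.
            value = "".join(el.attrib[attr].split()).lower()
            if name.startswith("on") or (name == "href" and value.startswith("javascript:")):
                del el.attrib[attr]
                findings.append("@" + name)
    return ET.tostring(root, encoding="unicode"), findings


if __name__ == "__main__":
    cleaned, found = strip_active_content(SAMPLE)
    print(found)
    print(cleaned)
```

The findings list lets the importing application choose between silently stripping, warning the user, or rejecting the image.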