- From: David Woolley <david@djwhome.demon.co.uk>
- Date: Mon, 13 Oct 2003 08:16:11 +0100 (BST)
- To: www-svg@w3.org
On about Thursday last week, Adobe re-issued their SVG plugin with a number of serious security flaws fixed. In connection with one of the (lesser) flaws, they said that people should use EMBED rather than OBJECT, and the wording suggested that it was their standard advice to use proprietary HTML with their plugin; there was no indication that EMBED was proprietory. (The specific issue is that they can apparently sense the effect of the user's policy on scripting with EMBED, but not with OBJECT, so they have unconditionally disabled scripting with OBJECT.) Another news item last week throws serious doubt on the viability of any plugin based option for SVG for use in non-scripted contexts (e.g. as a replacement for GIF for straightforward line art images). As a work around for the EOLAS patent, IE will prompt every time before running a plugin unless the resource is provided as a data: scheme URL, or the object is initialised using DOM manipulation (by code from the remote site). (In respect of the last, I don't believe software patents create the innovation that is the justification for governments having patent laws. In this case the innovation has been in ways of avoiding the patent, but which are generally detrimental to the web; they have not been in potentially better ways of achieving the same thing.)
Received on Monday, 13 October 2003 03:17:46 UTC