Last Call Review of draft-ietf-dispatch-javascript-mjs-10
review-ietf-dispatch-javascript-mjs-10-secdir-lc-perlman-2021-11-18-00
| Request | Review of | draft-ietf-dispatch-javascript-mjs |
|---|---|---|
| Requested revision | No specific revision (document currently at 17) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-11-15 | |
| Requested | 2021-10-25 | |
| Authors | Matthew A. Miller , Myles Borins , Mathias Bynens , Bradley Farias | |
| I-D last updated | 2022-05-06 (Latest revision 2022-03-01) | |
| Completed reviews |
I18ndir Early review of -07
by John R. Levine
(diff)
Artart IETF Last Call review of -10 by Mark Nottingham (diff) Secdir IETF Last Call review of -10 by Radia Perlman (diff) Genart IETF Last Call review of -10 by Robert Sparks (diff) |
|
| Assignment | Reviewer | Radia Perlman |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-dispatch-javascript-mjs by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/cxNsPhC7GDW5nBrCAjA92zKiBhU | |
| Reviewed revision | 10 (document currently at 17) | |
| Result | Ready | |
| Completed | 2021-11-11 |
review-ietf-dispatch-javascript-mjs-10-secdir-lc-perlman-2021-11-18-00
Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This INFORMATIONAL document is intended to replace RFC 4329 (also INFORMATIONAL), updated to reflect current practice. The biggest change appears to be recommending that javascript, when embedded in html, should use the tag “text/javascript” rather than “application/javascript” while acknowledging that the two should be considered to be synonyms (along with text/ecmascript, text/javascript1.0, text/javascript1.1, text/javascript1.2, text/javascript1.3, text/javascript1.4, text/javascript1.5, text/jscript, text/livescript, text/x-javascript, text/x-ecmascript, application/x-javascript, application/x-ecmascript, and application/ecmascript). Security considerations notes that embedding javascript in html is dangerous and implementers should take care to see nothing bad happens.