hisold4d ago

RE: https://mastodon.online/@rfceditor/115985427479488909

IETF RFCs can now include #SVG drawings.

"SVG drawings may be included in RFCs to help explain a concept more clearly, but they should not be the only representation of that concept."

RFC 9896 defines several limitations such as no animations and no scripts. Regular SVGs can contain #JavaScript in a <script> tag just like HTML.

Show threadKevin Karhan 

Addendum: I was wrong.
Thanks for correcting me everyone!

@hisold WTF?

WHO AT #IETF decided to allow this #Enshittification???

#JavaScript is malware and #JS does not belong into any #RFC!!!

Feb 2 at 1:55amWeb
Show threadRed Rozenglass3d ago
@hisold@toot.io @kkarhan@infosec.space Don't worry friend. There won't be JS in RFCs. The RFC[1] says:
SVG drawings must not contain executable script.
When the post above says "Regular SVG", they mean SVG on the web, etc. allows scripts, but the policy for using them in RFCs forbids that.

[1]: https://www.rfc-editor.org/rfc/rfc9896.html
RFC 9896: SVG in RFCs

This document defines policy for the inclusion of Scalable Vector Graphics (SVG) in the definitive versions of RFCs and relevant publication formats. It contains policy requirements from RFC 7996 but removes all requirements related to using a specific SVG profile or implementation code. It also makes the RFC Production Center (RPC) responsible for decisions about SVG tooling and implementation. This document obsoletes RFC 7996.

Show threadKevin Karhan 3d ago

@rozenglass @hisold oh good...

Still, it's gonna make things less accessible

Show threadhisold3d ago
@kkarhan @rozenglass I've wrote "RFC 9896 defines several limitations such as no animations and no scripts." just before mentioning JS. I thought that was clear enough.
Show threadKevin Karhan 3d ago
@hisold @rozenglass sry. My fault...
https://infosec.space/@kkarhan/115998543345965945
Kevin Karhan :verified: (@kkarhan@infosec.space)

Addendum: I was wrong. Thanks for correcting me everyone! @hisold@toot.io WTF? WHO AT #IETF decided to allow this #Enshittification??? #JavaScript is malware and #JS does not belong into any #RFC!!!

Infosec.Space