Hi, On Mar 19, 2026, at 12:45, Mukund Sivaraman <[email protected]> wrote: > I don't follow. Without considering transport security, what risk is > present from processing and displaying a freely formatted text message > generated by an NS for its clients (with additional hyperlinks added) > that cannot exist in every other webpage on the internet that is > displayed to users? A browser can escape or reject junk in EXTRA-TEXT.
this is not "every other web page". This content will be shown in a highly security-related context, and it is critical that the user agent has full control over what is shown to the user. (Never mind other issues such as localization.) Let me turn this around and ask you what you think is lost by eliminating arbitrary content? Thanks, Lars _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
