24891 – PostScript is technically scripted

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24891 - PostScript is technically scripted

Summary: PostScript is technically scripted

Status:	RESOLVED MOVED

Alias:	None

Product:	WHATWG
Classification:	Unclassified
Component:	MIME (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	Unsorted
Assignee:	Gordon P. Hemsley
QA Contact:	sideshowbarker+mimespec

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-02 08:17 UTC by Samuel Bronson
Modified:	2019-03-30 19:56 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Samuel Bronson 2014-03-02 08:17:36 UTC

You might want to say a word or two about why PostScript isn't gated by the sniff-scriptable flag, even though it is most certainly scripted.

In fact, it looks like GhostScript doesn't even default to -dSAFER (the flag that turns off the "read/write/rename/delete any file" and "run any command" facilities) yet, though gv(1) does.

Comment 1 Gordon P. Hemsley 2014-03-02 17:23:32 UTC

Hmm... PostScript has been marked as Safe since before I inherited the spec, so I just carried it through. I have no background on why it was marked as such, and your comment suggests that perhaps it should not be.

Comment 2 Anne 2019-03-30 19:56:05 UTC

https://github.com/whatwg/mimesniff/issues/100