G The application/xquery Media Type

This Appendix specifies the media type for XQuery Version 1.0. XQuery is a language for querying over collections of data from XML data sources, as specified in the main body of this document. This media type is being submitted to the IESG (Internet Engineering Steering Group) for review, approval, and registration with IANA (Internet Assigned Numbers Authority.)

G.1 Introduction

This document, found at http://www.w3.org/TR/xquery/, together with its normative references, defines the language XQuery Version 1.0. This Appendix provides information about the application/xquery media type, which is intended to be used for transmitting queries written in the XQuery language.

This document was prepared by members of the W3C XML Query Working Group. Please send comments to public-qt-comments@w3.org, a public mailing list with archives at http://lists.w3.org/Archives/Public/public-qt-comments.

G.2 Registration of MIME Media Type application/xquery

MIME media type name: application

MIME subtype name: xquery

Required parameters: none

Optional parameters: none

The syntax of XQuery is expressed in Unicode but may be written with any Unicode-compatible character encoding, including UTF-8 or UTF-16, or transported as US-ASCII or ISO-8859-1 with Unicode characters outside the range of the given encoding represented using an XML-style ෝ syntax.

G.2.1 Interoperability Considerations

None known.

G.2.2 Applications Using this Media Type

The public XQuery Web page lists more than two dozen implementations of the XQuery language, both proprietary and open source.

This media type is registered to allow for deployment of XQuery on the World Wide Web.

G.2.3 File Extensions

The most common file extensions in use for XQuery are .xq and .xquery.

The appropriate Macintosh file type code is TEXT.

G.2.4 Intended Usage

The intended usage of this media type is for interchange of XQuery expressions.

G.2.5 Author/Change Controller

XQuery was produced by, and is maintained by, the World Wide Web Consortium's XML Query Working Group. The W3C has change control over this specification.

G.3 Encoding Considerations

For use with transports that are not 8-bit clean, quoted-printable encoding is recommended since the XQuery syntax itself uses the US-ASCII-compatible subset of Unicode.

An XQuery document may contain an encoding declaration as part of its version declaration:

xquery version "3.1" encoding "utf-8";

G.4 Recognizing XQuery Files

An XQuery file may have the string xquery version "V.V" near the beginning of the document, where "V.V" is a version number. Currently the version number, if present, must be "1.0" , "3.0", or "3.1" .

G.5 Charset Default Rules

XQuery documents use the Unicode character set and, by default, the UTF-8 encoding.

G.6 Security Considerations

Queries written in XQuery may cause arbitrary URIs or IRIs to be dereferenced. Therefore, the security issues of [RFC3987] Section 8 should be considered. In addition, the contents of resources identified by file: URIs can in some cases be accessed, processed and returned as results. XQuery expressions can invoke any of the functions defined in [XQuery and XPath Functions and Operators 4.0]. For example, the fn:doc() and fn:doc-available() functions allow local filesystem probes as well as access to any URI-defined resource accessible from the system evaluating the XQuery expression. The fn:transform() function allows calls to URI-identified XSLT transformations which may in turn call external extension functions and access or write to the file system. The fn:transform() function should be sandboxed or disabled if untrusted queries are run.

XQuery is a full declarative programming language, and supports user-defined functions, external function libraries (modules) referenced by URI, and system-specific "native" functions.

Arbitrary recursion is possible, as is arbitrarily large memory usage, and implementations may place limits on CPU and memory usage, as well as restricting access to system-defined functions.

The optional XQuery Update Facility allows XQuery expressions to create and update persistent data, potentially including writing to arbitrary locations on the local filesystem as well as to remote URIs. Untrusted queries should not be given write access to data.

Furthermore, because the XQuery language permits extensions, it is possible that application/xquery may describe content that has security implications beyond those described here.