tor 2008-01-24 klockan 11:30 -0500 skrev Yves Lafon: > It would be a nice addition to describe the issue in general, not only for > HTML content, when UA are into the "content sniffing" business. It fits > well in the security section of HTTP. > > The specific case of HTML needs also to be explained, but has its place in > a document reserved for browser implementors. I am pretty sure there is > already one that can be extended that way. Adding a note in security considerations mentioning why servers explicit intentions on content-type and/or charset or encoding MUST NOT be secondguessed by sniffing sounds like a good idea to me. Regards HenrikReceived on Tuesday, 5 February 2008 15:06:13 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 October 2011 12:14:00 GMT