Resolved as per: http://www3.tools.ietf.org/wg/httpbis/trac/ticket/20#comment:4 On 05/02/2008, at 7:03 AM, Henrik Nordström wrote: > > tor 2008-01-24 klockan 11:30 -0500 skrev Yves Lafon: > >> It would be a nice addition to describe the issue in general, not >> only for >> HTML content, when UA are into the "content sniffing" business. It >> fits >> well in the security section of HTTP. >> >> The specific case of HTML needs also to be explained, but has its >> place in >> a document reserved for browser implementors. I am pretty sure >> there is >> already one that can be extended that way. > > Adding a note in security considerations mentioning why servers > explicit > intentions on content-type and/or charset or encoding MUST NOT be > secondguessed by sniffing sounds like a good idea to me. > > Regards > Henrik -- Mark Nottingham http://www.mnot.net/Received on Tuesday, 5 February 2008 15:35:06 UTC
This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:03:20 UTC