Hi, (crossposted to both the HTTPbis WG's and HTML5 WG's mailing lists...) looking at <http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx>: "MIME-Handling: Sniffing Opt-Out Next, we’ve provided web-applications with the ability to opt-out of MIME-sniffing. Sending the new authoritative=true attribute on the Content-Type HTTP response header prevents Internet Explorer from MIME-sniffing a response away from the declared content-type." Let's ignore the issue of inventing a new media type parameter for all new media types for a moment... It's good that MS recognizes that content-type-sniffing may be bad and that they are doing something about it. But is this really the right approach? BR, JulianReceived on Wednesday, 2 July 2008 20:53:18 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:52 GMT