W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Questions about draft-abarth-mime-sniff-00

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 07 Apr 2009 09:02:52 +0200
Message-ID: <49DAFA9C.1040301@gmx.de>
To: Adam Barth <w3c@adambarth.com>
CC: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>, HTTP Working Group <ietf-http-wg@w3.org>
Adam Barth wrote:
> ...
>> 4.  Are there any best-practice guidelines for working with users?  E.g.
>> allowing a user to choose "text/html" for unmarked content might be a
>> security hazard.  We don't want specific user interface requirements, but
>> this document seems like a good place to extend security considerations to
>> getting input from users, if there are such guidelines.
> 
> As far as I know, none of the major implementations of content
> sniffing provide user overrides.  This is in contrast to charset
> detection, where most major implementations let the user override.  (I
> believe this is because charsets are a huge mess in Asia.)  I think it
> makes sense to discuss this in the draft.  I'll add it to the next
> version.
> ...

I think that is incorrect; it even has been discussed over here in this 
very context:

<http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0173.html>

and

<http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx#364853>

BR, Julian
Received on Tuesday, 7 April 2009 07:03:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:02 GMT