On Wed, 24 Mar 2010, Yves Lafon wrote:

> 7.3 Media Type Issue
>
> If the Content-Type header field is present, a recipient which
> interprets the underlying data in a way inconsistent with the
> specified media type risks drawing incorrect conclusions.
>
> In practice, however, currently-deployed servers sometime provide a
> Content-Type header which does not correctly identify the content
> sent, with the result that some classes of recipients have adopted a
> policy of examining the content and overriding the specified type.
>
> Deploying any heuristic for detecting mistaken Content-Types risks
> overriding user intentions and misrepresenting data. It may also
> significantly increase the security exposure ('privilege escalation');
> Such recipients SHOULD NOT override the specified type it there are
                                                  wrong ^^^^ word
> known security risks and they SHOULD provide for users to disable such
> heuristic Content-Type detection.

Nice artistic avoidance of the sniffword... I have no objection providing
'it' doesn't become something I haven't tried in context.

Dave Morris

Received on Thursday, 25 March 2010 00:38:35 GMT
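
The recipient policy in the quoted section 7.3 text, sketched as an added example that is not part of this message or of the draft: a declared Content-Type is overridden only when the guessed type is not one with known security risks, and a switch disables the heuristic entirely. The function names, the RISKY_TYPES list, the toy sniffing heuristic and the no-header fallback are assumptions made for illustration.

```python
# Added illustration; every name and the risky-type list are assumptions,
# not taken from the draft text quoted above.
RISKY_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
               "application/javascript", "text/javascript"}

def declared_type(header):
    """Return the lowercase media type from a Content-Type value, or None."""
    if not header:
        return None
    return header.split(";", 1)[0].strip().lower() or None

def sniff(body):
    """Toy heuristic (constructed): guess a media type from leading bytes."""
    if body.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    head = body[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html", b"<script")):
        return "text/html"
    return None

def effective_type(header, body, sniffing_enabled=True):
    """Decide which media type the recipient acts on."""
    declared = declared_type(header)
    if declared is None:
        # No Content-Type at all: nothing is being overridden, so a guess
        # is acceptable; fall back to an inert type (assumption).
        guess = sniff(body) if sniffing_enabled else None
        return guess or "application/octet-stream"
    if not sniffing_enabled:
        # "SHOULD provide for users to disable such heuristic detection"
        return declared
    guess = sniff(body)
    if guess is None or guess == declared:
        return declared
    if guess in RISKY_TYPES:
        # "SHOULD NOT override the specified type if there are known
        # security risks": treating text/plain as HTML would let the
        # content run as active markup in the serving origin.
        return declared
    return guess

# Constructed sample responses
HTML_AS_TEXT = b"<html><body>uploaded by a user</body></html>"
PNG_AS_TEXT = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```
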