W3C home > Mailing lists > Public > public-html@w3.org > August 2008

Re: Postscript is not scriptable? (2.7.4 Content-Type sniffing)

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 29 Aug 2008 20:52:14 +0000 (UTC)
To: Dan Connolly <connolly@w3.org>
Cc: "public-html@w3.org WG" <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0808292050540.7044@hixie.dreamhostps.com>

On Fri, 29 Aug 2008, Dan Connolly wrote:
> 
> I'm trying to understand the table in 2.7.4 Content-Type sniffing.
> 
> application/postscript has "Safe" in the "Security" column.
> 
> Is that a typo?

That just means that sniffing that type when the file is labeled as 
text/plain but is found to contain binary data of some kind isn't a 
privilege escalation risk.

Is that wrong?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 29 August 2008 20:52:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:22 GMT