- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Sun, 24 Jan 2010 09:45:14 -0600
- To: Leonard Rosenthol <lrosenth@adobe.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>
On Sun, Jan 24, 2010 at 7:37 AM, Leonard Rosenthol <lrosenth@adobe.com> wrote: > The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a users access to required content (exposed via plugins). Is this an attack to worry about? A renegade server or proxy can do *anything it wants* to the data passing through it over http; worrying about one swapping mimetypes so that plugins don't work seems like vacuuming a desert - there's still plenty of sand left over no matter what you do. ~TJ
Received on Sunday, 24 January 2010 15:46:01 UTC