W3C home > Mailing lists > Public > public-web-security@w3.org > January 2010

Re: text/sandboxed-html

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Tue, 26 Jan 2010 14:14:27 -0800
Message-ID: <448e9a321001261414v1a026abercf5833a13034baa7@mail.gmail.com>
To: Collin Jackson <collin@collinjackson.com>
Cc: "Helen Wang (MSR)" <helenw@microsoft.com>, "public-web-security@w3.org" <public-web-security@w3.org>
> I have been unable to find any existing browsers that are willing to
> sniff text/html-sandboxed as HTML. I have tried various versions of
> IE, Firefox, Google Chrome, Safari, and Opera.

I am pretty sure that MSIE will sniff it if a trailing /foo.html or
;foo.html segment is spotted in the path. Because of mechanisms such
as Apache PATH_INFO or PHP parameter passing rules, such trailing
segments can often be appended freely.

MSIE6 also sniffed HTML on unknown MIME types when foo=bar.html
appeared in query parameters.

Received on Tuesday, 26 January 2010 22:15:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:17 UTC