- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Tue, 26 Jan 2010 14:14:27 -0800
- To: Collin Jackson <collin@collinjackson.com>
- Cc: "Helen Wang (MSR)" <helenw@microsoft.com>, "public-web-security@w3.org" <public-web-security@w3.org>
> I have been unable to find any existing browsers that are willing to
> sniff text/html-sandboxed as HTML. I have tried various versions of
> IE, Firefox, Google Chrome, Safari, and Opera.

I am pretty sure that MSIE will sniff it if a trailing /foo.html or ;foo.html segment is spotted in the path. Because of mechanisms such as Apache PATH_INFO or PHP parameter passing rules, such trailing segments can often be appended freely.

MSIE6 also sniffed HTML on unknown MIME types when foo=bar.html appeared in query parameters.

/mz
Received on Tuesday, 26 January 2010 22:15:01 UTC
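
A server-side check for the three URL shapes named in the message above, as an added example that is not part of the original post: it flags a trailing `/foo.html` segment, a `;foo.html` path parameter, and a `foo=bar.html` query value so a handler serving `text/html-sandboxed` can refuse such requests. The host `example.test`, the function names, the `.htm` extension and the refusal policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Extensions treated as HTML hints (assumption: the message only names .html).
HTML_EXTS = (".html", ".htm")

def _looks_html(token: str) -> bool:
    return token.lower().endswith(HTML_EXTS)

def html_hints(url: str) -> list[str]:
    """Return the parts of `url` that end in an HTML-looking extension."""
    parts = urlsplit(url)
    hints = []
    # Only the last path segment matters: this is where a PATH_INFO-style
    # suffix such as /get.php/foo.html ends up.
    last = unquote(parts.path.rsplit("/", 1)[-1])
    # Split off a path parameter, e.g. /get.php;foo.html
    segment, _, param = last.partition(";")
    if _looks_html(segment):
        hints.append("path segment /" + segment)
    if param and _looks_html(param):
        hints.append("path parameter ;" + param)
    # Query string, e.g. ?foo=bar.html (parse_qsl percent-decodes for us).
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if _looks_html(key) or _looks_html(value):
            hints.append(f"query {key}={value}")
    return hints

def refuse(url: str, content_type: str,
           protected=("text/html-sandboxed",)) -> bool:
    """True when a response of a protected type should not be served at `url`."""
    mime = content_type.split(";", 1)[0].strip().lower()
    return mime in protected and bool(html_hints(url))

if __name__ == "__main__":
    # Constructed sample URLs, one per case described in the message.
    for u in ("https://example.test/get.php/foo.html",
              "https://example.test/get.php;foo.html",
              "https://example.test/get.php?foo=bar.html",
              "https://example.test/get.php?id=7"):
        print(u, "->", html_hints(u) or "no hint")
```
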