- From: rugk <notifications@github.com>
- Date: Tue, 11 Dec 2018 09:03:54 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 11 December 2018 17:04:21 UTC
> Realistically, script and style are the important ones, and it's not clear to me that it's worth prioritizing work on things like nosniff support for images. :scream: You realize you introduced a security risk here? Actually also "HTML" can be a malicious mime type, as it can obviously embed JS. (Maybe also other types such as SVG?) See https://www.youtube.com/watch?v=dBJt3eR8-bg for a talk by @hannob on that subject. Please do watch the whole talk, it's good! :smile: -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/395#issuecomment-446280113
Received on Tuesday, 11 December 2018 17:04:21 UTC