Re: XSS through content-sniffing: good case for CSP sandbox directive from Adam Barth on 2012-03-13 (public-webappsec@w3.org from March 2012)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 12 Mar 2012 18:00:56 -0700
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAJE5ia84t3kkvPVLvuT0U29t7_UH8CfLuUQfAu9SsKOsswShJQ@mail.gmail.com>

On Mon, Mar 12, 2012 at 5:54 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> http://www.garage4hackers.com/f11/gmail-xss-vulnerability-through-content-sniffing-2094.html?postcount=1
>
> A good example of the type of bug we could reduce the impact of with a
> sandbox directive in CSP.

Or IE could just implement http://mimesniff.spec.whatwg.org/ and avoid
all these vulnerabilities.

Adam

Received on Tuesday, 13 March 2012 01:01:58 UTC