W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 28 Nov 2012 22:42:29 -0800
Message-ID: <CALx_OUDwMNkfZ4J03BVJ1ByJ2t1PKSs8wq4wCKPZNM+RbC3WAA@mail.gmail.com>
To: "Gordon P. Hemsley" <gphemsley@gmail.com>
Cc: whatwg List <whatwg@whatwg.org>
There are substantial negative security consequences to sniffing
content on MIME types that are commonly used as default fallback
values by web servers or web application developers. This includes
text/plain and application/octet-stream.

/mz
Received on Thursday, 29 November 2012 06:57:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:11 GMT