Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing from Michal Zalewski on 2012-11-29 (public-whatwg-archive@w3.org from November 2012)

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 28 Nov 2012 22:42:29 -0800
To: "Gordon P. Hemsley" <gphemsley@gmail.com>
Cc: whatwg List <whatwg@whatwg.org>
Message-ID: <CALx_OUDwMNkfZ4J03BVJ1ByJ2t1PKSs8wq4wCKPZNM+RbC3WAA@mail.gmail.com>

There are substantial negative security consequences to sniffing
content on MIME types that are commonly used as default fallback
values by web servers or web application developers. This includes
text/plain and application/octet-stream.

/mz

Received on Thursday, 29 November 2012 06:57:54 UTC