W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 29 Nov 2012 01:48:46 -0500
Message-ID: <50B7054E.10801@mit.edu>
To: whatwg@lists.whatwg.org
On 11/29/12 1:30 AM, Gordon P. Hemsley wrote:
> Based on my reading of the source code, it seems that Gecko treats a
> resource served as 'application/octet-stream' as an unknown type which
> is sniffed as if no Content-Type was specified.

Only for media (<video> and <audio>) loads.  Note that the HTML spec 
requires this behavior for those.

> Are there security implications with doing this?

In general, yes.  Doing this for document loads would be a security 
nightmare, for example.

-Boris
Received on Thursday, 29 November 2012 07:16:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:11 GMT