W3C home > Mailing lists > Public > www-tag@w3.org > December 2009

Re: Sniffing and HTTP-bis (ACTION-309)

From: Henry S. Thompson <ht@inf.ed.ac.uk>
Date: Sun, 06 Dec 2009 13:57:41 +0000
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Tim Berners-Lee <timbl@w3.org>, Jonathan Rees <jar@creativecommons.org>, David Booth <david@dbooth.org>, www-tag@w3.org
Message-ID: <f5bbpic2oiy.fsf@hildegard.inf.ed.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Reschke writes:

>> ...
>> So, what's interesting about this to me is that
>>  a) Adam Barth's current mime-sniff draft [1] rules it out (because
>>     text/plain to text/html is classified as privilege escalation,
>>     because text/html is 'scriptable');
>
> But as far as I understand it it *does* sniff text/plain as text/html
> in some cases (when certain control characters are found in the right
> place).

Please walk us through this path in the draft, because I just reviewed
it again and convinced myself that it couldn't happen.

ht
- -- 
       Henry S. Thompson, School of Informatics, University of Edinburgh
                         Half-time member of W3C Team
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
                       URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFLG7hVkjnJixAXWBoRApkfAJ9aCpffdBfkcv5cIwtq85isYf3I9gCbBpTE
0fqB1+kz6LclAIx8ZxZI7OE=
=3bZS
-----END PGP SIGNATURE-----
Received on Sunday, 6 December 2009 13:58:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:18 GMT