- From: Larry Masinter <masinter@adobe.com>
- Date: Fri, 22 Jan 2010 17:09:48 -0800
- To: "Eric J. Bowman" <eric@bisonsystems.net>, David Booth <david@dbooth.org>
- CC: "www-tag@w3.org" <www-tag@w3.org>
Uh... interesting that you think so, but ... anyone else ever hear of "content-script-type"? Larry -- http://larry.masinter.net -----Original Message----- From: Eric J. Bowman [mailto:eric@bisonsystems.net] Sent: Friday, January 22, 2010 3:34 PM To: David Booth Cc: Larry Masinter; www-tag@w3.org Subject: Re: comments on draft-abarth-mime-sniff-03 David Booth wrote: > > FWIW, I also posted some comments on draft-abarth-mime-sniff-03: > http://www.ietf.org/mail-archive/web/apps-discuss/current/msg01262.html > Regarding: "But they do not distinguish plain HTML from HTML that embeds JavaScript or other scripting languages. This forces us to paint plain HTML with the same security brush as we paint JavaScript, and this seems wrong." FWIW, this distinction can be made by sending a "Content-Script-Type: application/javascript" (or other script type) header. -Eric
Received on Saturday, 23 January 2010 03:06:05 UTC