- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 5 Feb 2008 07:34:35 -0800
- To: Henrik Nordström <henrik@henriknordstrom.net>
- Cc: Yves Lafon <ylafon@w3.org>, Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
Resolved as per: http://www3.tools.ietf.org/wg/httpbis/trac/ticket/20#comment:4 On 05/02/2008, at 7:03 AM, Henrik Nordström wrote: > > tor 2008-01-24 klockan 11:30 -0500 skrev Yves Lafon: > >> It would be a nice addition to describe the issue in general, not >> only for >> HTML content, when UA are into the "content sniffing" business. It >> fits >> well in the security section of HTTP. >> >> The specific case of HTML needs also to be explained, but has its >> place in >> a document reserved for browser implementors. I am pretty sure >> there is >> already one that can be extended that way. > > Adding a note in security considerations mentioning why servers > explicit > intentions on content-type and/or charset or encoding MUST NOT be > secondguessed by sniffing sounds like a good idea to me. > > Regards > Henrik -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 5 February 2008 15:35:06 UTC