Re: NEW ISSUE: content sniffing

On 31 Mar 2009, at 21:37, David Morris wrote:

> On Tue, 31 Mar 2009, Adam Barth wrote:
>> On Tue, Mar 31, 2009 at 12:51 PM, Mark Baker <> wrote:
>>> On Tue, Mar 31, 2009 at 3:37 PM, Adam Barth <>  
>>> wrote:
>>>> When different user agents use different sniffing algorithms,  
>>>> content
>>>> authors pay a large cost, both in terms of compatibility and in  
>>>> terms
>>>> of security.  For user agents that wish to perform sniffing, I  
>>>> think
>>>> we'd be doing the Web a service by specifying which algorithm they
>>>> should use.
>>> I agree, which is why I suggested a link from 2616bis to the
>>> algorithm.  Do you feel that to be insufficient?  If so, why?
>> I don't have a strong opinion about which document should contain the
>> algorithm, but I think we're better off making the algorithm  
>> normative
>> (for those agents that wish to sniff) rather than informative.  That
>> will help prevent developers of sniffing user agents from  
>> implementing
>> divergent sniffing algorithms.
> I disagree ... encoding what is essentially a heuristic algorithm  
> which will need to change as content types morph into standard  
> status is the
> wrong thing to do. Certainly in the HTTP standard.

But the Content-Type sniffing algorithms used in browsers have pretty  
much stagnated. They rarely change, and when they do, it is normally  
to get closer to interoperability. I don't think they change enough  
for it to be an issue. Ideally we probably want the algorithms to get  
frozen where they are now, where they are required for compatibility,  
and never sniff more types.

Geoffrey Sneddon

Received on Wednesday, 1 April 2009 13:43:26 UTC