Re: NEW ISSUE: content sniffing

On Wed, Apr 1, 2009 at 8:05 AM, Bil Corry <> wrote:
> I don't know if it has changed, but Internet Explorer will sniff when no mime-type is
> provided, or when the mime type is something IE knows about:

Internet Explorer has the most aggressive content sniffing algorithm.
Evidence is that we can be far less aggressive and still be
sufficiently compatible with existing Web content.

> IE will sniff images and render them as HTML if it believes they're actually HTML:

This is no longer the case in Internet Explorer 8 (due to security concerns).

> Microsoft tried turning off mime sniffing for plain/text and it broke a bunch of sites:

The handling of text/plain is the most contentious point in the
content sniffing algorithm.  I suspect text/plain will be the last
MIME type to be handled uniformly across user agents.

> Undoubtedly, that was the impetus for adding the flag to turn off content sniffing.  I think
> it's safe to assume content sniffing in IE won't be going away any time soon.

Indeed.  Every major browser (not just IE) employs content sniffing.
Content sniffing appears to be required to correctly handle
approximately 1% of HTTP responses.  Turning off content sniffing
entirely breaks major Web sites.


Received on Wednesday, 1 April 2009 16:10:40 UTC