Adam Barth wrote: > ... >> 4. Are there any best-practice guidelines for working with users? E.g. >> allowing a user to choose "text/html" for unmarked content might be a >> security hazard. We don't want specific user interface requirements, but >> this document seems like a good place to extend security considerations to >> getting input from users, if there are such guidelines. > > As far as I know, none of the major implementations of content > sniffing provide user overrides. This is in contrast to charset > detection, where most major implementations let the user override. (I > believe this is because charsets are a huge mess in Asia.) I think it > makes sense to discuss this in the draft. I'll add it to the next > version. > ... I think that is incorrect; it even has been discussed over here in this very context: <http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0173.html> and <http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx#364853> BR, JulianReceived on Tuesday, 7 April 2009 07:03:43 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:19 UTC