Re: Questions about draft-abarth-mime-sniff-00

Adam Barth wrote:
> ...
>> 4.  Are there any best-practice guidelines for working with users?  E.g.
>> allowing a user to choose "text/html" for unmarked content might be a
>> security hazard.  We don't want specific user interface requirements, but
>> this document seems like a good place to extend security considerations to
>> getting input from users, if there are such guidelines.
> 
> As far as I know, none of the major implementations of content
> sniffing provide user overrides.  This is in contrast to charset
> detection, where most major implementations let the user override.  (I
> believe this is because charsets are a huge mess in Asia.)  I think it
> makes sense to discuss this in the draft.  I'll add it to the next
> version.
> ...

I think that is incorrect; it even has been discussed over here in this 
very context:

<http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0173.html>

and

<http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx#364853>

BR, Julian

Received on Tuesday, 7 April 2009 07:03:43 UTC