- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 07 Apr 2009 09:02:52 +0200
- To: Adam Barth <w3c@adambarth.com>
- CC: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>, HTTP Working Group <ietf-http-wg@w3.org>
Adam Barth wrote: > ... >> 4. Are there any best-practice guidelines for working with users? E.g. >> allowing a user to choose "text/html" for unmarked content might be a >> security hazard. We don't want specific user interface requirements, but >> this document seems like a good place to extend security considerations to >> getting input from users, if there are such guidelines. > > As far as I know, none of the major implementations of content > sniffing provide user overrides. This is in contrast to charset > detection, where most major implementations let the user override. (I > believe this is because charsets are a huge mess in Asia.) I think it > makes sense to discuss this in the draft. I'll add it to the next > version. > ... I think that is incorrect; it even has been discussed over here in this very context: <http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0173.html> and <http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx#364853> BR, Julian
Received on Tuesday, 7 April 2009 07:03:43 UTC