On Tue, Apr 7, 2009 at 10:48 PM, Adam Barth <w3c@adambarth.com> wrote:
> On Tue, Apr 7, 2009 at 10:47 PM, Ian Hickson <ian@hixie.ch> wrote:
>> On Tue, 7 Apr 2009, Adam Barth wrote:
>>> >
>>> > To be precise, they allow servers to opt out of content sniffing in
>>> > certain specific cases. It doesn't affect, for instance, how the
>>> > Content-Type header is treated for images (e.g. an image/png image
>>> > sent as image/gif is still treated as a PNG, even with this header
>>> > set, if I'm not mistaken;
>>>
>>> IE8 has a more awesome implementation than Chrome. In IE8, these images
>>> won't render
>>
>> Even in <img> elements?
>
> I think so. /me goes and makes a test case.

Yep. Well, I tested a GIF with a Content-Type header of image/png.
Sorry I don't have the test case available at a public URL. I use
netcat for these kinds of tests to make sure I get the network bytes
right.

I think the <script> tag still accepts any type, but we got a request
from someone on the security team to make that strict when the nosniff
directive is enabled. It's unclear what we'll end up doing in that
case.

Adam

Received on Wednesday, 8 April 2009 05:55:40 UTC
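The test described in this message (a GIF served with a Content-Type of image/png and the nosniff directive set) can be reproduced with a byte-exact response, as in the following added example, which is not part of the original message. The header name X-Content-Type-Options, the port, the sample GIF and all function names are assumptions of the example.

```python
import socket

# Constructed sample: a 43-byte 1x1 GIF, written as hex.
GIF_1X1 = bytes.fromhex(
    "47494638396101000100800000" "000000ffffff"   # header, screen, palette
    "21f9040100000000" "2c000000000100010000"     # graphic control, image descriptor
    "0202440100" "3b")                            # LZW data, trailer

# Leading bytes that identify common image formats.
MAGIC = {b"GIF87a": "image/gif", b"GIF89a": "image/gif",
         b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg"}

def sniff_image_type(body):
    """Return the image type implied by the body's magic bytes, or None."""
    return next((m for sig, m in MAGIC.items() if body.startswith(sig)), None)

def build_response(body, declared_type, nosniff=True):
    """Build the exact bytes on the wire so no framework rewrites the headers."""
    lines = [b"HTTP/1.1 200 OK",
             b"Content-Type: " + declared_type.encode("ascii"),
             b"Content-Length: " + str(len(body)).encode("ascii"),
             b"Connection: close"]
    if nosniff:
        lines.append(b"X-Content-Type-Options: nosniff")
    return b"\r\n".join(lines) + b"\r\n\r\n" + body

def type_mismatch(raw):
    """Compare the declared Content-Type of a raw response with its body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    sniffed = sniff_image_type(body)
    return {"declared": declared, "sniffed": sniffed,
            "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
            "mismatch": sniffed is not None and sniffed != declared}

def serve_once(raw, port=8000):
    """Answer a single local request with the prepared bytes, then exit."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.recv(65536)                      # read and discard the request
            conn.sendall(raw)

if __name__ == "__main__":
    # Point an <img> at http://127.0.0.1:8000/ and observe whether it renders.
    serve_once(build_response(GIF_1X1, "image/png"))
```

The same `type_mismatch` check can be run over captured responses from a site to find images whose declared type would stop rendering in a browser that enforces nosniff strictly.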