W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: Risks with NULL Mime type

From: Martin Nilsson <nilsson@opera.com>
Date: Thu, 02 Jan 2014 14:23:41 +0100
To: ietf-http-wg@w3.org
Message-ID: <op.w8195rjeiw9drz@riaa>
On Thu, 02 Jan 2014 03:58:01 +0100, Amit Aggarwal <amit.agg@samsung.com>  
wrote:

> Hello,
>
>
> Happy New Year to everyone.
>
>
> I am not sure if this is the right group for my question. Please advise  
> me
> otherwise.
>
>
>
> 1)      How safe is it for clients to handle NULL mime types and allow
> actions based on file extensions when MIME TYPE is null.
>
>
> Example:  Server is hosting APK file with NULL MIME TYPE. Most browser  
> will
> download it but install may fail if browser is checking MIME TYPE for
> appropriate handler. One workaround is to check file extension in this  
> case
> and search appropriate handler.
>
>
> Are there any potential risks to this approach ?

File extensions tend to not work very well. A more robust method is  
discussed in this WHATWG draft: http://mimesniff.spec.whatwg.org/

>
>
> 2)      How common is it to have NULL Mime type files hosted by servers ?
>

It is very common for files to be served with incorrect MIME type, or  
indeed confusion about what the correct MIME type is.

/Martin Nilsson
Received on Thursday, 2 January 2014 13:24:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC