[Bug 7744] Is sniffing required? from bugzilla@wiggum.w3.org on 2010-02-09 (public-html-bugzilla@w3.org from February 2010)

From: <bugzilla@wiggum.w3.org>
Date: Tue, 09 Feb 2010 14:37:52 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1NerDs-0005ci-A3@wiggum.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=7744





--- Comment #22 from Julian Reschke <julian.reschke@gmx.de>  2010-02-09 14:37:51 ---
(In reply to comment #19)
> ...
> (PS even though implementors don't always follow references, in this case there
> is no way to implement the required behavior at all without reading the
> referenced document.)
> ...

Implementers are only one of multiple audiences.

I'm not so concerned about implementers, I'm concerned about people reading
just HTML5 and concluding that the spec requires sniffing (after all, it has a
normative reference to "MIMESNIFF", right?)

One simple way to improve the situation would be to rename the reference.

Another one would be to make the actual references more useful. Right now
(2010-02-09) HTML5 has:

"The Content-Type metadata of a resource must be obtained and interpreted in a
manner consistent with the requirements of the Content-Type Processing Model
specification. [MIMESNIFF]

The algorithm for extracting an encoding from a Content-Type, given a string s,
is given in the Content-Type Processing Model specification. It either returns
an encoding or nothing. [MIMESNIFF]

The sniffed type of a resource must be found in a manner consistent with the
requirements given in the Content-Type Processing Model specification for
finding that sniffed type. [MIMESNIFF]

The rules for sniffing images specifically and the rules for distingushing if a
resource is text or binary are also defined in the Content-Type Processing
Model specification. Both sets of rules return a MIME type as their result.
[MIMESNIFF]

Warning: It is imperative that the rules in the Content-Type Processing Model
specification be followed exactly. When a user agent uses different heuristics
for content type detection than the server expects, security problems can
occur. For more details, see the Content-Type Processing Model specification.
[MIMESNIFF]"

That's right: *every single* paragraph ends with a reference to MIMESNIFF. It
would be better to reference (and hyperlink) the relevant *sections* in
MIMESNIFF that actually contain the referenced material, instead of letting the
reader find out.

And yes, this means that the references may break if MIMESNIFF gets updated.
That is a feature, not a bug. If MIMESNIFF is a normative reference than HTML5
be better checked every time it gets updated.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 9 February 2010 14:37:53 UTC