
Re: <object> content-type sniffing (detailed review of Semantics)

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 24 Jul 2008 22:33:05 +0000 (UTC)
To: Simon Pieters <simonp@opera.com>
Cc: public-html <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0807242229060.10853@hixie.dreamhostps.com>

On Thu, 23 Aug 2007, Simon Pieters wrote:
> The spec says about <object>:
>      4. Determine the resource type, as follows:
>         Big Issue: This says to trust the type. Should we instead use
>         the same mechanism as for browsing contexts?
> I've done some ad-hoc testing. (See these test cases as demos -- I'm not
> entirely sure the pass conditions are actually according to the current
> spec...) It seems that some sniffing is happening in browsers.
> gif as text/plain:
>    http://simon.html5.org/test/html/semantics/object/mislabeled/001.htm
> Safari treats the resource as application/octet-stream, and downloads it (then
> shows the fallback).
> Firefox uses the fallback.
> Opera shows the image.
> IE7 treats the resource as text/plain if some security setting is enabled, but
> the infobar pops up and says that the content might not show up correctly.
> When clicking the infobar and choosing "show restricted content" it is treated
> as application/octet-stream, and a download dialog appears.

The spec says to treat the image as image/gif, as of yesterday (until 
yesterday it said to treat it as application/octet-stream).

> gif as text/html:
>   http://simon.html5.org/test/html/semantics/object/mislabeled/002.htm
> Abovementioned browsers treat it as HTML.

Spec agrees.

> gif as image/png:
> gif as image/jpeg:
>    http://simon.html5.org/test/html/semantics/object/mislabeled/003.htm
>    http://simon.html5.org/test/html/semantics/object/mislabeled/004.htm
> It seems that image types are treated the same in browsers, and the 
> resources are basically fed through the image library that reads the 
> first few bytes before deciding what type of image it is. (This is also 
> the case for browsing contexts, btw.)

Spec agrees.

> flash as text/plain:
> flash as text/plain with .swf extension:
>    http://simon.html5.org/test/html/semantics/object/mislabeled/005.htm
>    http://simon.html5.org/test/html/semantics/object/mislabeled/006.htm
> It seems the file extension makes a difference in some browsers.
> Safari treats the first as application/octet-stream (just like with 001) 
> and the second as application/x-shockwave-flash.
> Firefox treats both as text/plain.
> Opera uses the fallback for the first and treats the second as 
> application/x-shockwave-flash.
> IE7 treats the first as text/plain but shows the infobar (just like with 
> 001) and the second as application/x-shockwave-flash.

The spec right now for <object> isn't influenced by the extension (it is 
for <embed>, though I'd like to change that). If we add Flash to the list 
of sniffable types, then these would get treated as Flash.

> flash as application/octet-stream:
> flash as application/octet-stream with .swf extension:
>    http://simon.html5.org/test/html/semantics/object/mislabeled/007.htm
>    http://simon.html5.org/test/html/semantics/object/mislabeled/008.htm
> Safari, Opera and IE7 use the fallback for the first and treat the second as
> application/x-shockwave-flash.
> Firefox uses the fallback for both.

Right now the spec treats application/octet-stream as a flag that means 
"defer to the type="" attribute". If there is no type attribute, it gets 
treated as application/octet-stream. Should we invoke the unknown type 
sniffing rules at that point?

> flash as application/octet-stream, with type="":
> flash as application/octet-stream with .swf extension, with type="":
>    http://simon.html5.org/test/html/semantics/object/mislabeled/009.htm
>    http://simon.html5.org/test/html/semantics/object/mislabeled/010.htm
> Safari treats both as application/x-shockwave-flash.
> Opera and Firefox use the fallback for the first and treat the second as
> application/x-shockwave-flash.
> IE7 doesn't seem to ever finish loading these...? But the Flash plugin is used
> for both nevertheless.
> Note that not treating 010 as application/x-shockwave-flash caused problems
> for Mozilla:
>    https://bugzilla.mozilla.org/show_bug.cgi?id=389677

application/octet-stream with type="" always defers to the type in the 

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 24 July 2008 22:33:40 UTC
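
The type resolution discussed in this message, as an added example (not part of the original post and not the spec's algorithm): it models only the outcomes stated above and reports when a resource would be handled as something other than its served Content-Type. The function names, the `sniffFlash` option and the sample bytes are assumptions made for illustration.

```javascript
// Added illustration: models only the outcomes stated in the message above.
// Magic numbers are the well-known leading bytes of each file format.
const IMAGE_SIGS = [
  { type: 'image/gif', magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
  { type: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
];
const FLASH_SIGS = [
  { type: 'application/x-shockwave-flash', magic: [0x46, 0x57, 0x53] }, // "FWS"
  { type: 'application/x-shockwave-flash', magic: [0x43, 0x57, 0x53] }, // "CWS"
];

// Return the first type whose signature prefixes `bytes`, or null.
function sniff(bytes, table) {
  const hit = table.find((s) => s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.type : null;
}

// declared: served Content-Type; typeAttr: the <object> type attribute or null;
// bytes: start of the body. The URL is not a parameter because the message
// says the extension does not influence <object>.
function effectiveObjectType(declared, typeAttr, bytes, opts = {}) {
  const ct = declared.toLowerCase().split(';')[0].trim();
  if (ct === 'text/html') return ct; // test 002: treated as HTML
  if (ct === 'application/octet-stream') {
    // tests 007-010: defer to the type attribute, else stay octet-stream
    return typeAttr ? typeAttr.toLowerCase() : ct;
  }
  if (ct.startsWith('image/')) return sniff(bytes, IMAGE_SIGS) || ct; // 003, 004
  if (ct === 'text/plain') {
    // test 001: GIF served as text/plain becomes image/gif. Flash is only
    // sniffed if it is added to the sniffable list (opts.sniffFlash).
    const table = opts.sniffFlash ? IMAGE_SIGS.concat(FLASH_SIGS) : IMAGE_SIGS;
    return sniff(bytes, table) || ct; // assumption: no match keeps the label
  }
  return ct; // assumption: types the message does not discuss are trusted
}

// Flag resources that end up handled as a type other than the one served.
function auditLabel(declared, typeAttr, bytes, opts) {
  const served = declared.toLowerCase().split(';')[0].trim();
  const effective = effectiveObjectType(declared, typeAttr, bytes, opts);
  return { served, effective, reinterpreted: effective !== served };
}

// Constructed sample inputs: only the leading bytes of a GIF and an SWF.
const SAMPLE_GIF = Buffer.from('GIF89a', 'latin1');
const SAMPLE_SWF = Buffer.from('FWS\x09', 'latin1');
console.log(auditLabel('text/plain', null, SAMPLE_GIF));
```
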
