Re: comments on draft-barth-mime-sniffing

On Sun, 31 May 2009, Adam Barth wrote:
> > 
> > I see no justification whatsoever for allowing conforming user agents 
> > to sniff types for new elements such as <video>, or encouraging such 
> > behavior, which is just opening the door for whole other categories of 
> > spoofing.  Certainly this isn't represented by any deployed 
> > infrastructure.
> 
> The current draft doesn't take a position on this issue.  Is there 
> something you'd like changed in the draft pursuant to the above?

The current HTML5 spec's position on this issue is that the Content-Type 
header is completely ignored in the processing of <video>, I believe. 
(Like with <img>, though less explicitly.) There's no sniffing algorithm 
defined or referenced; it is assumed that video formats define how to 
recognise themselves.

I'd be happy to require the browsers to obey Content-Type rigorously here 
if they are willing to implement such requirements. Can any browser 
vendors comment on this issue?

(In practice, many video files seem to be transmitted with completely 
bogus MIME types; indeed video, possibly primarily pornographic video, is 
the primary motivator for the "text vs binary" sniffing algorithm in the 
content sniffing draft, which is invoked when navigating to files, as 
opposed to when using <video>.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 1 June 2009 08:18:56 UTC