On Sun, 31 May 2009, Adam Barth wrote:
> >
> > I see no justification whatsoever for allowing conforming user agents
> > to sniff types for new elements such as <video>, or encouraging such
> > behavior, which is just opening the door for whole other categories of
> > spoofing. Certainly this isn't represented by any deployed
> > infrastructure.
>
> The current draft doesn't take a position on this issue. Is there
> something you'd like changed in the draft pursuant to the above?
The current HTML5 spec's position on this issue is that the Content-Type
header is completely ignored in the processing of <video>, I believe.
(Like with <img>, though less explicitly.) There's no sniffing algorithm
defined or referenced; it is assumed that video formats define how to
recognise themselves.
I'd be happy to require the browsers to obey Content-Type rigorously here
if they are willing to implement such requirements. Can any browser
vendors comment on this issue?
(In practice, many video files seem to be transmitted with completely
bogus MIME types; indeed video, possibly primarily pornographic video, is
the primary motivator for the "text vs binary" sniffing algorithm in the
content sniffing draft, which is invoked when navigating to files, as
opposed to when using <video>.)
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'