On Sun, 31 May 2009, Adam Barth wrote: > > > > I see no justification whatsoever for allowing conforming user agents > > to sniff types for new elements such as <video>, or encouraging such > > behavior, which is just opening the door for whole other categories of > > spoofing. Certainly this isn't represented by any deployed > > infrastructure. > > The current draft doesn't take a position on this issue. Is there > something you'd like changed in the draft pursuant to the above? The current HTML5 spec's position on this issue is that the Content-Type header is completely ignored in the processing of <video>, I believe. (Like with <img>, though less explicitly.) There's no sniffing algorithm defined or referenced; it is assumed that video formats define how to recognise themselves. I'd be happy to require the browsers to obey Content-Type rigorously here if they are willing to implement such requirements. Can any browser vendors comment on this issue? (In practice, many video files seem to be transmitted with completely bogus MIME types; indeed video, possibly primarily pornographic video, is the primary motivator for the "text vs binary" sniffing algorithm in the content sniffing draft, which is invoked when navigating to files, as opposed to when using <video>.) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 1 June 2009 08:18:56 UTC