On Sun, Jan 24, 2010 at 7:37 AM, Leonard Rosenthol <lrosenth@adobe.com> wrote: > The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a users access to required content (exposed via plugins). Is this an attack to worry about? A renegade server or proxy can do *anything it wants* to the data passing through it over http; worrying about one swapping mimetypes so that plugins don't work seems like vacuuming a desert - there's still plenty of sand left over no matter what you do. ~TJReceived on Sunday, 24 January 2010 15:46:01 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:08 UTC