- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 04 Mar 2010 10:18:26 +0100
- To: Adam Barth <w3c@adambarth.com>
- CC: Sam Ruby <rubys@intertwingly.net>, HTML WG <public-html@w3.org>
On 04.03.2010 03:29, Adam Barth wrote: > On Wed, Mar 3, 2010 at 8:20 AM, Julian Reschke<julian.reschke@gmx.de> wrote: >> On 03.03.2010 17:05, Sam Ruby wrote: >>> "Clarify that mime type sniffing is optional" >>> >>> Per the decision policy, at this time the chairs would like to solicit >>> volunteers to write Change Proposals. >>> >>> http://www.w3.org/html/wg/tracker/issues/104 >>> http://dev.w3.org/html5/decision-policy/decision-policy.html#escalation >>> >>> If no Change Proposals are written by April 5th, 2010 this issue will be >>> closed without prejudice. >>> >>> Issue status link: >>> http://dev.w3.org/html5/status/issue-status.html#ISSUE-104 >> >> I volunteer to write this CP. > > Julian, would you be willing to summarize (e.g., in one sentence) what > resolution you intend to propose? I'm happy to update the > Internet-Draft to make this clearer without needing to go through the > whole Change Proposal process. Hi Alan, I think the cited draft could be improved, see the discussion that Larry started on apps-discuss. (*) However *this* issue is really about HTML5, not the Internet Draft. Again, I cite what it says (or used to say a few weeks ago): "The Content-Type metadata of a resource must be obtained and interpreted in a manner consistent with the requirements of the Content-Type Processing Model specification. [MIMESNIFF] The algorithm for extracting an encoding from a Content-Type, given a string s, is given in the Content-Type Processing Model specification. It either returns an encoding or nothing. [MIMESNIFF] The sniffed type of a resource must be found in a manner consistent with the requirements given in the Content-Type Processing Model specification for finding that sniffed type. [MIMESNIFF] The rules for sniffing images specifically and the rules for distingushing if a resource is text or binary are also defined in the Content-Type Processing Model specification. Both sets of rules return a MIME type as their result. [MIMESNIFF] Warning: It is imperative that the rules in the Content-Type Processing Model specification be followed exactly. When a user agent uses different heuristics for content type detection than the server expects, security problems can occur. For more details, see the Content-Type Processing Model specification. [MIMESNIFF]" (context: <http://www.w3.org/Bugs/Public/show_bug.cgi?id=7744#c22>) So this is an example of totally unhelpful references, but also of not saying *anything* about what the reader might want to know ("can I *rely* on sniffing/do I *have* to implement sniffing"). That's what the CP would address. Best regards, Julian (*) It would be great if, in the process on working on this, we'd end up with a more modular sniffing spec, where the individual parts have names/subsections that could be used in references. (**) Maybe IETF Anaheim would be an opportunity to look at this? I assume you'll be there for http-state?
Received on Thursday, 4 March 2010 09:19:10 UTC