- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 04 Mar 2010 10:18:26 +0100
- To: Adam Barth <w3c@adambarth.com>
- CC: Sam Ruby <rubys@intertwingly.net>, HTML WG <public-html@w3.org>
On 04.03.2010 03:29, Adam Barth wrote:
> On Wed, Mar 3, 2010 at 8:20 AM, Julian Reschke<julian.reschke@gmx.de> wrote:
>> On 03.03.2010 17:05, Sam Ruby wrote:
>>> "Clarify that mime type sniffing is optional"
>>>
>>> Per the decision policy, at this time the chairs would like to solicit
>>> volunteers to write Change Proposals.
>>>
>>> http://www.w3.org/html/wg/tracker/issues/104
>>> http://dev.w3.org/html5/decision-policy/decision-policy.html#escalation
>>>
>>> If no Change Proposals are written by April 5th, 2010 this issue will be
>>> closed without prejudice.
>>>
>>> Issue status link:
>>> http://dev.w3.org/html5/status/issue-status.html#ISSUE-104
>>
>> I volunteer to write this CP.
>
> Julian, would you be willing to summarize (e.g., in one sentence) what
> resolution you intend to propose? I'm happy to update the
> Internet-Draft to make this clearer without needing to go through the
> whole Change Proposal process.
Hi Alan,
I think the cited draft could be improved, see the discussion that Larry
started on apps-discuss. (*)
However *this* issue is really about HTML5, not the Internet Draft.
Again, I cite what it says (or used to say a few weeks ago):
"The Content-Type metadata of a resource must be obtained and
interpreted in a manner consistent with the requirements of the
Content-Type Processing Model specification. [MIMESNIFF]
The algorithm for extracting an encoding from a Content-Type, given a
string s, is given in the Content-Type Processing Model specification.
It either returns an encoding or nothing. [MIMESNIFF]
The sniffed type of a resource must be found in a manner consistent with
the requirements given in the Content-Type Processing Model
specification for finding that sniffed type. [MIMESNIFF]
The rules for sniffing images specifically and the rules for
distingushing if a resource is text or binary are also defined in the
Content-Type Processing Model specification. Both sets of rules return a
MIME type as their result. [MIMESNIFF]
Warning: It is imperative that the rules in the Content-Type Processing
Model specification be followed exactly. When a user agent uses
different heuristics for content type detection than the server expects,
security problems can occur. For more details, see the Content-Type
Processing Model specification. [MIMESNIFF]"
(context: <http://www.w3.org/Bugs/Public/show_bug.cgi?id=7744#c22>)
So this is an example of totally unhelpful references, but also of not
saying *anything* about what the reader might want to know ("can I
*rely* on sniffing/do I *have* to implement sniffing").
That's what the CP would address.
Best regards, Julian
(*) It would be great if, in the process on working on this, we'd end up
with a more modular sniffing spec, where the individual parts have
names/subsections that could be used in references.
(**) Maybe IETF Anaheim would be an opportunity to look at this? I
assume you'll be there for http-state?
Received on Thursday, 4 March 2010 09:19:10 UTC