[whatwg/fetch] Treat resources requested via FTP as binary data. (#839) from Mike West on 2018-11-27 (public-webapps-github@w3.org from November 2018)

From: Mike West <notifications@github.com>
Date: Tue, 27 Nov 2018 10:06:12 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/839@github.com>

Downloading resources over FTP is dangerous in itself, as FTP is a non-securable
protocol. But rendering resources as 'text/html' or similar is even more
dangerous for a variety of reasons (explored to some extent in the blink-dev@
thread linked below). This patch forces FTP resources into an
'application/octet-stream' MIME type, which should prevent them from rendering
as HTML in user agents.

https://groups.google.com/a/chromium.org/d/msg/blink-dev/eopgOoY1QLs/e1tIefOxAAAJ

Closes whatwg/html#4178
You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/839

-- Commit Summary --

  * Treat resources requested via FTP as binary data.

-- File Changes --

    M fetch.bs (26)

-- Patch Links --

https://github.com/whatwg/fetch/pull/839.patch
https://github.com/whatwg/fetch/pull/839.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/839

Received on Tuesday, 27 November 2018 10:06:34 UTC