- From: Jim Manico <jim.manico@owasp.org>
- Date: Thu, 2 Apr 2015 18:23:32 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WebAppSec WG <public-webappsec@w3.org>
Ok Anne, that was just awesome analysis. I'm very impressed with both the depth and the clarity. Aloha, -- Jim Manico @Manicode (808) 652-3805 > On Apr 2, 2015, at 3:24 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > >> On Thu, Apr 2, 2015 at 9:41 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> I've been trying to figure out what this header does in Internet >> Explorer 11 and Chrome dev and how we could maybe standardize it. > > <img> - Again only Internet Explorer supports this case. The network > layer check is a filter on supported image formats. E.g. both > image/png and image/gif MIME types can proceed and will produce a load > event. However, if both are for a GIF resource that will only decode > with the image/gif MIME type. > > That distinction would mean it's no longer just something we could > check in Fetch. It means the image decoder (which typically handles a > bunch of formats) needs to play an active role too. It's not entirely > clear to me why it is desirable to be able to enforce a distinction > between different image formats. > > > -- > https://annevankesteren.nl/ >
Received on Friday, 3 April 2015 01:24:02 UTC