W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: X-Content-Type-Options: nosniff

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 8 Apr 2015 19:58:40 +0200
Message-ID: <CADnb78jds=CY4d6-FTHk3=_FSw3e6dA8SFpKvDM1QYJVOy9eyA@mail.gmail.com>
To: David Walp <David.Walp@microsoft.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Wed, Apr 8, 2015 at 7:38 PM, David Walp <David.Walp@microsoft.com> wrote:
> Please, can you share which version of Internet Explorer you were working with?  Not sure if you know that in Windows 10  there has been a focus on making the browser interoperable with the actual Web.  A result of this work is a number of changes in the area you describe for the Windows 10 browser.  I wanted to know if these changes were reflected in your analysis.

I used IE11 on Windows 10.

I ended up adding this to the specification by the way:

  https://fetch.spec.whatwg.org/#x-content-type-options-header

There's still some open questions about which specifications should
define the MIME type whitelists, but in general it should be pretty
clear now how to implement it in a way that is mostly interoperable
with IE11 (except for where it dispatches load rather than error and a
few other minor things) and Chrome (when it comes to <script> anyway).


-- 
https://annevankesteren.nl/
Received on Wednesday, 8 April 2015 17:59:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC