- From: Gervase Markham <gerv@mozilla.org>
- Date: Fri, 25 May 2007 10:43:12 +0100
Ian Hickson wrote: > Note that the HTML5 spec requires browsers not to convert text/plain to a > more dangerous type (text/plain is either treated as text/plain or > application/octet-stream according to the spec). Excellent. Although I also mention my story as a general counterpoint to the "Well, obviously the browser should Do The Right Thing if the Content-Type is wrong" viewpoint. Content sniffing can have security consequences. Gerv
Received on Friday, 25 May 2007 02:43:12 UTC