- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 02 Sep 2010 16:41:33 -0400
On 9/2/10 3:53 PM, Aryeh Gregor wrote:
>> Why is it not a problem if there are suddenly use cases that are impossible
>> because the browser will ignore the author's intent?
>
> Which use-cases?

Well, serving up data as text/plain for it to be readable is one. I agree that for the specific case of <video> this is not a big deal.

> Okay, but we're talking about standardizing sniffing in a spec. As
> long as browsers' behavior in processing a given resource is
> well-defined and reliable, a proxy could work fine by just
> implementing the same algorithm. There's no reason that the proxy has
> to only look at MIME types, is there? It simplifies the proxy a bit,
> but not much. It will already have to do some content sniffing to
> identify what content is dangerous, unless it's just going to block
> everything of that file type (which I'm assuming isn't the case).

Why are you assuming that?

There are proposals for standardizing several different types of sniffing, with the one used being context-dependent. A proxy wouldn't have the context.

It can all be made to work by erring on the side of blocking more stuff, but then you get to the point where the proxy makes it impossible to use the browser altogether, and then it's not a viable solution to the problem at hand.

> Put another way: the problem here is not that browsers sniff. It's
> that browsers don't behave interoperably or predictably. Speccing a
> precise sniffing algorithm that everyone's willing to follow allows
> proxies to reliably know what browsers will do with it. What will
> cause problems is what you seem to be arguing for -- *not* speccing
> sniffing

Er... Where did I propose this? I proposed speccing that there MUST NOT be any sniffing, with browsers that sniff therefore being nonconformant. I didn't propose allowing ad-hoc sniffing.

> For the use-case of filtering
> exploits, it doesn't really matter what the behavior is, so long as
> it's consistent.

Only if "consistent" includes "consistent across all contexts".... (which no one is proposing to either specify or implement).

-Boris
Received on Thursday, 2 September 2010 13:41:33 UTC
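
Added example, not part of the original message or of any spec: a sketch of the proxy problem discussed above, where sniffing rules depend on the loading context and a filtering proxy sees only the header and the body. The context names, rule sets, function names and the sample body are constructed assumptions; real browser rules differ.

```javascript
// Constructed, simplified sniffing rules. Bodies are modelled as strings.
const SIGNATURES = {
  "image/gif": (b) => b.startsWith("GIF87a") || b.startsWith("GIF89a"),
  "image/png": (b) => b.startsWith("\x89PNG\r\n\x1a\n"),
  "text/html": (b) => /^\s*<(!doctype html|html)\b/i.test(b),
};

// Hypothetical: which types each loading context is willing to sniff for.
const CONTEXT_SNIFFS = {
  image: ["image/gif", "image/png"], // e.g. an image load
  document: ["text/html"],           // e.g. a top-level navigation
};

// Sniffing browser: the loading context selects the rule set.
function browserType(declared, body, context) {
  const hit = CONTEXT_SNIFFS[context].find((t) => SIGNATURES[t](body));
  return hit || declared;
}

// The proxy has no context, so with sniffing it must assume every
// context's outcome is possible. Without sniffing, the header decides.
function proxyPossibleTypes(declared, body, sniffing) {
  if (!sniffing) return [declared];
  const types = Object.keys(CONTEXT_SNIFFS).map((c) =>
    browserType(declared, body, c));
  return [...new Set(types)];
}

// Block if any possible interpretation is a type the policy filters.
function proxyBlocks(declared, body, filteredTypes, sniffing) {
  return proxyPossibleTypes(declared, body, sniffing)
    .some((t) => filteredTypes.includes(t));
}

// Constructed sample: markup served as text/plain so it can be read as text.
const SAMPLE = "<html><body>source listing meant to be read</body></html>";

console.log(proxyPossibleTypes("text/plain", SAMPLE, true));
console.log(proxyBlocks("text/plain", SAMPLE, ["text/html"], true));
console.log(proxyBlocks("text/plain", SAMPLE, ["text/html"], false));
```

With context-dependent sniffing the proxy has to treat the text/plain resource as possibly HTML and over-blocks it; with no sniffing the declared type is the only interpretation.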