- From: Gordon P. Hemsley <gphemsley@gmail.com>
- Date: Wed, 5 Dec 2012 15:31:26 -0500
- To: Adam Barth <w3c@adambarth.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, whatwg List <whatwg@whatwg.org>
(It seems I somehow managed to not send this to the list the first time around. Addendum included.) On Tue, Dec 4, 2012 at 2:40 AM, Adam Barth <w3c@adambarth.com> wrote: > On Mon, Dec 3, 2012 at 12:39 PM, Julian Reschke <julian.reschke@gmx.de> wrote: >> On 2012-11-29 20:25, Adam Barth wrote: >>> These are supported in Chrome. That's what causes the download. From >> >> Can you elaborate about what you mean by "supported"? Chrome sniffs for the >> type, and then offers to download as a result of that sniffing? How is that >> different from not sniffing in the first place? > > They might otherwise be treated as a type that can be displayed > (rather than downloaded). But isn't the whole point of the spec to eliminate such accidental sniffing? Anything not explicitly sniffed based on the first bytes of the file will be assumed to be either 'application/octet-stream' or 'text/plain', depending on whether there are binary bytes present. The old IE behavior that you were investigating in your 2009 paper, where you sniff beyond the first few bytes to find embedded HTML, is eliminated with this sniffing algorithm. There is no case where you would accidentally sniff something as scriptable, if you were following the algorithm correctly. Or am I missing something? P.S. Note also that I have previously defined what it means to be "supported by the user agent": "A valid media type is supported by the user agent if the user agent has the capability to interpret a resource of that media type and present it to the user." http://mimesniff.spec.whatwg.org/#supported-by-the-user-agent -- Gordon P. Hemsley me@gphemsley.org http://gphemsley.org/ • http://gphemsley.org/blog/
Received on Wednesday, 5 December 2012 22:32:48 UTC