[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing

Based on my reading of the source code, it seems that Gecko treats a
resource served as 'application/octet-stream' as an unknown type which
is sniffed as if no Content-Type was specified.

Are there security implications with doing this? Or should I add
'application/octet-stream' to the list of unknown types that currently
includes 'unknown/unknown', 'application/unknown', and '*/*' (step 2
of the "media type sniffing algorithm")? Or, given that that step
calls the "rules for identifying an unknown media type" with the
sniff-scriptable flag set, should it get its own call, with the
sniff-scriptable flag unset? Are there other options here?

I haven't checked what UAs actually do in practice, but I don't
believe the spec currently allows anything but leaving resources
tagged as 'application/octet-stream' as they are.

-- 
Gordon P. Hemsley
me@gphemsley.org
http://gphemsley.org/
http://gphemsley.org/blog/

Received on Thursday, 29 November 2012 06:36:22 UTC
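
The three options raised in the message, as an added example that is not part of the original e-mail or of the mimesniff specification. It models leaving 'application/octet-stream' as it is, adding it to the unknown list (sniff-scriptable flag set), and giving it its own call with the flag unset. The policy names, function names and the reduced pattern tables are assumptions made for illustration.

```javascript
// Simplified model of the sniffing choice discussed above (added example).
// The pattern tables are a small constructed subset, not the full spec tables.
const UNKNOWN_TYPES = ["unknown/unknown", "application/unknown", "*/*"];
const SCRIPTABLE_TAGS = ["<!doctype html", "<html", "<head", "<script", "<body"];
const PNG_MAGIC = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];

function isBinaryByte(b) {
  return b <= 0x08 || b === 0x0b || (b >= 0x0e && b <= 0x1a) || (b >= 0x1c && b <= 0x1f);
}

// "Rules for identifying an unknown media type", reduced to a few outcomes.
function identifyUnknown(bytes, sniffScriptable) {
  if (sniffScriptable) {
    let i = 0; // skip leading whitespace before looking for markup
    while (i < bytes.length && [0x09, 0x0a, 0x0c, 0x0d, 0x20].includes(bytes[i])) i++;
    const head = String.fromCharCode(...bytes.slice(i, i + 16)).toLowerCase();
    for (const tag of SCRIPTABLE_TAGS) {
      const next = head[tag.length]; // tag must end with space or '>'
      if (head.startsWith(tag) && (next === " " || next === ">")) return "text/html";
    }
  }
  if (PNG_MAGIC.every((b, k) => bytes[k] === b)) return "image/png";
  return bytes.some(isBinaryByte) ? "application/octet-stream" : "text/plain";
}

// policy (hypothetical names): "as-is" | "unknown-scriptable" | "unknown-nonscriptable"
function computedType(contentType, bytes, policy) {
  const type = contentType.trim().toLowerCase();
  if (UNKNOWN_TYPES.includes(type)) return identifyUnknown(bytes, true);
  if (type === "application/octet-stream" && policy !== "as-is") {
    return identifyUnknown(bytes, policy === "unknown-scriptable");
  }
  return type;
}

// Constructed sample bodies, both served as application/octet-stream.
const htmlBody = Array.from(new TextEncoder().encode("<html><script>/* markup */</script></html>"));
const pngBody = [...PNG_MAGIC, 0x00, 0x00, 0x00, 0x0d];

for (const policy of ["as-is", "unknown-scriptable", "unknown-nonscriptable"]) {
  console.log(policy,
    computedType("application/octet-stream", htmlBody, policy),
    computedType("application/octet-stream", pngBody, policy));
}
```

Only the policy with the flag set turns a body labelled as opaque binary into a scriptable type; with the flag unset the same body resolves to a non-scriptable type, while the image is recognised under both sniffing policies.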