W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 28 Nov 2012 22:42:29 -0800
Message-ID: <CALx_OUDwMNkfZ4J03BVJ1ByJ2t1PKSs8wq4wCKPZNM+RbC3WAA@mail.gmail.com>
To: "Gordon P. Hemsley" <gphemsley@gmail.com>
Cc: whatwg List <whatwg@whatwg.org>

There are substantial negative security consequences to sniffing
content on MIME types that are commonly used as default fallback
values by web servers or web application developers. This includes
text/plain and application/octet-stream.

/mz

Received on Thursday, 29 November 2012 06:57:54 UTC

This message: [ Message body ]
Next message: Boris Zbarsky: "Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing"
Previous message: Gordon P. Hemsley: "[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing"
In reply to: Gordon P. Hemsley: "[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing"
Next in thread: Boris Zbarsky: "Re: [whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:48 UTC