- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Tue, 13 May 2014 09:57:41 -0700
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg <whatwg@lists.whatwg.org>, "Eduardo' Vela\\ <Nava>" <evn@google.com>, Adam Barth <w3c@adambarth.com>
>> Yup, from the perspective of a significant proportion of modern >> websites, MIME sniffing would be almost certainly a disaster. > > I'm not suggesting sniffing, I'm suggesting having a single well-defined > algorithm with well-defined fixed signatures. > > For formats that don't have signatures, this doesn't work, obviously. We probably can't support a well-defined algorithm for detecting documents that have distinctive signatures while safely supporting formats that don't have them (because there is always a possibility that the non-structured format with user-controlled data could be used to forge a signature).
Received on Tuesday, 13 May 2014 16:59:16 UTC