Re: Sniffing and HTTP-bis (ACTION-309)

David Booth wrote:
> ...
> But my question was innocent.  I wasn't sure whether
> non-security-related cases had already been ruled out for some reason.
> If there isn't a particular reason to exclude them, I would suggest
> adding the word "especially" to the proposed update:
>   If the Content-Type header field _is_ present, recipients SHOULD NOT
>   examine the content and override the specified type, *especially* if the 
>   change would significantly alter the security exposure ('privilege
>   escalation').
> ...

I personally think that SHOULD NOT is good advice. However, that has 
failed in practice. UAs *do* sniff.

If you're serious about this, how about getting this into HTML5?

Best regards, Julian

Received on Wednesday, 2 December 2009 18:25:57 UTC