- From: Eric J. Bowman <eric@bisonsystems.net>
- Date: Fri, 22 Jan 2010 16:33:31 -0700
- To: David Booth <david@dbooth.org>
- Cc: Larry Masinter <masinter@adobe.com>, "www-tag@w3.org" <www-tag@w3.org>
David Booth wrote: > > FWIW, I also posted some comments on draft-abarth-mime-sniff-03: > http://www.ietf.org/mail-archive/web/apps-discuss/current/msg01262.html > Regarding: "But they do not distinguish plain HTML from HTML that embeds JavaScript or other scripting languages. This forces us to paint plain HTML with the same security brush as we paint JavaScript, and this seems wrong." FWIW, this distinction can be made by sending a "Content-Script-Type: application/javascript" (or other script type) header. -Eric
Received on Friday, 22 January 2010 23:33:55 UTC