Re: comments on draft-abarth-mime-sniff-03

David Booth wrote:
> FWIW, I also posted some comments on draft-abarth-mime-sniff-03:


"But they do not distinguish plain HTML from HTML that embeds
JavaScript or other scripting languages.  This forces us to paint plain
HTML with the same security brush as we paint JavaScript, and this seems

FWIW, this distinction can be made by sending a "Content-Script-Type:
application/javascript" (or other script type) header.


Received on Friday, 22 January 2010 23:33:55 UTC