W3C home > Mailing lists > Public > www-tag@w3.org > January 2010

Re: comments on draft-abarth-mime-sniff-03

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Fri, 22 Jan 2010 16:33:31 -0700
To: David Booth <david@dbooth.org>
Cc: Larry Masinter <masinter@adobe.com>, "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <20100122163331.223c2528.eric@bisonsystems.net> 
David Booth wrote:
>
> FWIW, I also posted some comments on draft-abarth-mime-sniff-03:
> http://www.ietf.org/mail-archive/web/apps-discuss/current/msg01262.html
> 

Regarding:

"But they do not distinguish plain HTML from HTML that embeds
JavaScript or other scripting languages.  This forces us to paint plain
HTML with the same security brush as we paint JavaScript, and this seems
wrong."

FWIW, this distinction can be made by sending a "Content-Script-Type:
application/javascript" (or other script type) header.

-Eric
Received on Friday, 22 January 2010 23:33:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:32 UTC