- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 04 Mar 2013 14:43:54 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
* Anne van Kesteren wrote: >On Sun, Mar 3, 2013 at 12:26 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: >> I do not think "make browsers render this as plain text" is a must-have >> feature but "prevent browsers from treating this as something they know" >> certainly is and you cannot do that reliably via magic numbers in files. > >CSP handles that kind of thing. The CSP 1.0 proposal even points out explicitly that it does not do so, c.f. <http://lists.w3.org/Archives/Public/www-style/2013Mar/0028.html>. What would help is `X-Content-Type-Options: nosniff`, but if you look at <https://bugzilla.mozilla.org/show_bug.cgi?id=471020#c37> then there appears to be no consensus whether this feature's needed at all and why. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Monday, 4 March 2013 13:44:23 UTC