W3C home > Mailing lists > Public > www-tag@w3.org > March 2013

Re: Revisiting Authoritative Metadata (was: The failure of Appendix C as a transition technique)

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 04 Mar 2013 14:43:54 +0100
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <9vv8j856bk2baprl816ouq71dhqnqlnab1@hive.bjoern.hoehrmann.de>
* Anne van Kesteren wrote:
>On Sun, Mar 3, 2013 at 12:26 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>> I do not think "make browsers render this as plain text" is a must-have
>> feature but "prevent browsers from treating this as something they know"
>> certainly is and you cannot do that reliably via magic numbers in files.
>CSP handles that kind of thing.

The CSP 1.0 proposal even points out explicitly that it does not do so,
c.f. <http://lists.w3.org/Archives/Public/www-style/2013Mar/0028.html>.
What would help is `X-Content-Type-Options: nosniff`, but if you look
at <https://bugzilla.mozilla.org/show_bug.cgi?id=471020#c37> then there
appears to be no consensus whether this feature's needed at all and why.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 4 March 2013 13:44:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:54 UTC