Re: Revisiting Authoritative Metadata (was: The failure of Appendix C as a transition technique)

* Anne van Kesteren wrote:
>On Sun, Mar 3, 2013 at 12:26 AM, Bjoern Hoehrmann <> wrote:
>> I do not think "make browsers render this as plain text" is a must-have
>> feature but "prevent browsers from treating this as something they know"
>> certainly is and you cannot do that reliably via magic numbers in files.
>CSP handles that kind of thing.

The CSP 1.0 proposal even points out explicitly that it does not do so,
c.f. <>.
What would help is `X-Content-Type-Options: nosniff`, but if you look
at <> then there
appears to be no consensus whether this feature's needed at all and why.
Björn Höhrmann · ·
Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · 

Received on Monday, 4 March 2013 13:44:23 UTC