-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Dec 9, 2003, at 2:52 AM, Martin Creutziger wrote:
to the objections concerning malicious code in .jpg:
1. .jpeg /.jpg should not be sniffed by content, but by extension, if at all.
2. even if we would sniff it: "file -i" returns "application/octet-stream". So what? Camino safes that to disk, doesn't it? And where we go from there, is up to the user and SEP (He won't open it with Camino, most likely).
IIRC, the problem with IE and "jpegs" stemmed from IE using the JPEG type to declare it "safe" then sniffing the content of the JPEG, deciding that it was executable, and *executing* it, since it had been deemed safe. There was a similar problem with sound files. This is because, of course, IE is also the system shell and therefore responsible for executing programs. Camino, thankfully, has no such problem.
Thinking about this a little more, if I get motivated enough to do the patch, here is the flow I'll use:
(n.b. preference names are placeholders. I'll query the project for a naming convention before coding. The term "preferences" refers to Mozilla's *.js files and not to any exposure in the UI.)
1. If the "contentSniffing" preference is "true", read in a list of "ambiguous" MIME types from preferences.
2. If the server sends a "Content-disposition" header with the value "attachment", always save the file to disk, regardless of sniffing.
3. If the server sends a "Content-disposition" header of inline, rigorously respect the MIME type it sends and display accordingly, regardless of sniffing. (This is a sign that the MIME type has been *intentionally* configured the way it was sent.)
4. If the server sends a "Content-type" header that is on the "ambiguous" list, use a method like magic(5) to attempt to determine the content. If this gives the same results as the server-specified MIME type, take the default action for that MIME type. If it conflicts, take one of the following actions:
a. If the detected type is one that Camino handles internally (text/html, text/xml, image/jpeg, image/gif, image/png, etc.) render inline based on the detected filetype.
b. If it is anything else, prompt the user for a save location and save it.
This should be reasonable because we sniff only a small number of file types. Note that we don't attempt to identify a disk image versus a zip file versus a macbinary-encoded executable versus a pdf, etc. We just save anything Camino doesn't handle itself.
Note that modem users would be better off under this scheme than the current one, since "unreadable" files would be saved rather than rendered.
I'm not sure I'll produce a patch, but this is my thinking... If I do, I'll certainly let folks here know, since it seems like such a feature would be used by folks on this list :-)
Regards,
Geoff -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/1fMNhDesw0aKNlcRAigdAJwPXzwhokvPcuUNTrqhclKm4iJxhACfSLwl 8E6W03pQwABT6g0xJyCotTc= =uyQg -----END PGP SIGNATURE-----
_______________________________________________ Camino mailing list [EMAIL PROTECTED] http://mozdev.org/mailman/listinfo/camino
