* toad <toad at amphibian.dyndns.org> [2006-12-02 03:07:25]:

> On Thu, Nov 30, 2006 at 10:13:17PM +0000, toad wrote:
> > Firefox 2.0 includes an "RSS feed sniffer". What this means is that if a
> > file looks like RSS, regardless of its content type (tests show this
> > happening with text/plain and image/jpeg, but not text/html), it will be
> > treated as RSS and either displayed (previewed?) internally or passed to
> > a third party RSS reader app, including all inline images (potentially
> > web bugs).
>
> It turns out that XML does not tolerate ANY non-tag characters before
> the first tag, and Firefox transparently falls back to the original MIME
> type if parsing the RSS fails.

Is that the current behaviour or the one after your patch got merged
into their trunk and released?

> The consequences of this:
> - If we check the headers of image/png, image/jpeg etc, we can be 100%
>   sure that anything passed through will NOT be recognized as RSS.
> - That leaves text/plain. If we can be sure that a file does not start
>   with "<", we can safely pass it through. If a file does start with
>   "<", then we can:
>   - Convert it to UTF16. We need to know what the charset is to start
>     with to do this, but it should be safe for the time being (Firefox's
>     RSS detection only works with US-ASCII based charsets).
>   - Add an invisible space. Again we need to know the charset, which we
>     often won't. But this is safer than the first option.
>   - Add a visible space or newline. This will always work, and will
>     always be safe, but it *modifies the content*.
>
> Which is best?

I would vote for "add a few newlines" as we use to mangle the content
anyway and that won't prevent people from using cut&paste.

--
NextGen$.
"One can obey the laws while wishing that they change, as one serves in
war while wishing for peace." Merleau Ponty - L'Éloge de la philosophie
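
The filtering rules proposed in this thread, sketched in Python as an added example (not part of the original message and not Freenet's code). The function names and the sample inputs are assumptions, and the premise that any byte other than "<" at the start defeats the sniffer is taken from the thread, not verified here.

```python
# Added illustration; names are hypothetical and not Freenet's filter API.

# Magic bytes that must open a body declared as one of these image types.
IMAGE_MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}
PADDING = b"\n\n"  # the "add a few newlines" option; it modifies the content


class FilterRejected(Exception):
    """Body does not match its declared type, or the type is not handled here."""


def starts_like_xml(data: bytes) -> bool:
    # Thread's premise: XML parsing fails unless the first character is "<".
    return data[:1] == b"<"


def neutralise(mime_type: str, data: bytes) -> bytes:
    """Return the bytes to serve under the rules discussed in the thread."""
    # Drop parameters such as "; charset=utf-8" before comparing.
    mime = mime_type.split(";", 1)[0].strip().lower()
    if mime in IMAGE_MAGIC:
        # A verified image header means the body cannot start with a tag.
        if not data.startswith(IMAGE_MAGIC[mime]):
            raise FilterRejected(f"{mime}: header check failed")
        return data
    if mime == "text/plain":
        # Only bodies starting with "<" are changed; others pass untouched.
        return PADDING + data if starts_like_xml(data) else data
    raise FilterRejected(f"{mime}: not covered by this example")


# Constructed sample inputs (not captured traffic).
FEED = b'<?xml version="1.0"?><rss version="2.0"><channel/></rss>'
PNG = IMAGE_MAGIC["image/png"] + b"\x00\x00\x00\rIHDR"
PLAIN = b"notes: compare a < b before merging\n"

if __name__ == "__main__":
    print(neutralise("text/plain", FEED)[:12])
    print(neutralise("text/plain; charset=utf-8", PLAIN) == PLAIN)
```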