Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
On Tue, 13 Nov 2012 01:12:53 +0100, Ian Hickson wrote: On Mon, 12 Nov 2012, Gordon P. Hemsley wrote: In that case, I need to know which you think you might want for HTML and which you know you won't. (I don't know of any other specs reliant on mimesniff.) We may one day need a set of rules to sniff for a media resource (e.g. audio/wave vs video/webm), but whether we'll need this is as yet unclear (some browser vendors want to sniff, others don't). Opera has implemented the mimesniff spec and is using it for media resources, so I'd appreciate if this stayed in the spec even if not all browser vendors want to do the same. -- Philip Jägenstedt Core Developer Opera Software
Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
On Mon, 12 Nov 2012, Gordon P. Hemsley wrote: > On Mon, Nov 12, 2012 at 6:08 PM, Ian Hickson wrote: > > On Mon, 12 Nov 2012, Gordon P. Hemsley wrote: > >> But if everyone vows to just wait for 512 bytes (or EOF), then that's > >> fine with me. > > > > I don't think we should require tools to wait for 512 bytes. This is > > an area where if we have the requirement, some user agents are just > > going to have a timeout anyway and ignore the spec; we gain nothing by > > making it non-conforming to have a timeout. > > I'm inclined to agree with you, but I'm curious what other implementers > have to say on the issue. > > >> > What are the use cases for ‘Sniffing archives specifically’? > >> > >> No idea. I only included it for completeness. > > > > Please don't spec things for completeness without use cases. :-) > > In that case, I need to know which you think you might want for HTML and > which you know you won't. (I don't know of any other specs reliant on > mimesniff.) We definitely need (and are using) the generic sniffer, sniffing for images specifically, and the rules for text vs binary. We may one day need a set of rules to sniff for a media resource (e.g. audio/wave vs video/webm), but whether we'll need this is as yet unclear (some browser vendors want to sniff, others don't). CSS might need a font sniffer for @font-face, I don't know. That's it, as far as I know. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
On Mon, Nov 12, 2012 at 6:08 PM, Ian Hickson wrote: > On Mon, 12 Nov 2012, Gordon P. Hemsley wrote: >> But if everyone vows to just wait for 512 bytes (or EOF), then that's >> fine with me. > > I don't think we should require tools to wait for 512 bytes. This is an > area where if we have the requirement, some user agents are just going to > have a timeout anyway and ignore the spec; we gain nothing by making it > non-conforming to have a timeout. I'm inclined to agree with you, but I'm curious what other implementers have to say on the issue. >> > What are the use cases for ‘Sniffing archives specifically’? >> >> No idea. I only included it for completeness. > > Please don't spec things for completeness without use cases. :-) In that case, I need to know which you think you might want for HTML and which you know you won't. (I don't know of any other specs reliant on mimesniff.) -- Gordon P. Hemsley m...@gphemsley.org http://gphemsley.org/ • http://gphemsley.org/blog/
Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
On Mon, 12 Nov 2012, Gordon P. Hemsley wrote: > > But if everyone vows to just wait for 512 bytes (or EOF), then that's > fine with me. I don't think we should require tools to wait for 512 bytes. This is an area where if we have the requirement, some user agents are just going to have a timeout anyway and ignore the spec; we gain nothing by making it non-conforming to have a timeout. > > What are the use cases for ‘Sniffing archives specifically’? > > No idea. I only included it for completeness. Please don't spec things for completeness without use cases. :-) -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
Thanks for pursuing this. Resending feedback previously written at https://bugzilla.mozilla.org/show_bug.cgi?id=808593#c10 : I think the bits ‘type is equal to "font" or’ and ‘type is equal to "archive" or’ are highly questionable. The most popular font types are in the process of getting application/ types and the most popular archives already have application/ types. I suspect the ‘a reasonable amount of time has elapsed, as determined by the user agent.’ is unnecessary. The HTML spec has the same provision for the prescan. Firefox didn’t implement it, a couple of people complained, then fixed their code, and the sky didn’t fall. What are the use cases for ‘Sniffing archives specifically’? It appears that it sniffs ODF-style files (http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752809_826425813 ; EPUB, ODF, InDesign, etc.) and Open Packaging Conventions-based files (https://en.wikipedia.org/wiki/Open_Packaging_Conventions ; OOXML, XPS, etc.) files as zip archives. Is that intended and a desirable outcome in the light of use cases? (In general, it would be easier to review if the spec makes sense if the use cases and callers of various sniffing functions were known.) Otherwise, looks good to me. -- Henri Sivonen hsivo...@iki.fi http://hsivonen.iki.fi/
Re: [whatwg] [mimesniff] Review requested on MIME Sniffing Standard
On Mon, Nov 12, 2012 at 10:06 AM, Henri Sivonen wrote: > Resending feedback previously written at > https://bugzilla.mozilla.org/show_bug.cgi?id=808593#c10 : > > I think the bits ‘type is equal to "font" or’ and ‘type is equal to > "archive" or’ are highly questionable. The most popular font types are > in the process of getting application/ types and the most popular > archives already have application/ types. Buzzkill. ;( > I suspect the ‘a reasonable amount of time has elapsed, as determined > by the user agent.’ is unnecessary. The HTML spec has the same > provision for the prescan. Firefox didn’t implement it, a > couple of people complained, then fixed their code, and the sky didn’t > fall. This line was present in a previous draft of the spec, as was the seeming allowance to begin matching the resource header before it had finished loading. For simplicity in the algorithm, I removed the latter, so I left the former in as an escape hatch for those who wanted to emulate that behavior. But if everyone vows to just wait for 512 bytes (or EOF), then that's fine with me. > What are the use cases for ‘Sniffing archives specifically’? No idea. I only included it for completeness. The 'rules for sniffing * specifically' are intended as hooks for other specs to tie into. If no spec requires you to implement it, then you have no need to implement it. HTML uses 'rules for sniffing images specifically' (and 'rules for distinguishing if a resource is text or binary'), and I imagine it could also find uses for 'rules for sniffing audio specifically' and 'rules for sniffing video specifically' (and maybe even 'rules for sniffing fonts specifically'). > It > appears that it sniffs ODF-style files > (http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752809_826425813 > ; EPUB, ODF, InDesign, etc.) and Open Packaging Conventions-based > files (https://en.wikipedia.org/wiki/Open_Packaging_Conventions ; > OOXML, XPS, etc.) files as zip archives. Is that intended and a > desirable outcome in the light of use cases? (In general, it would be > easier to review if the spec makes sense if the use cases and callers > of various sniffing functions were known.) I don't think that's intended, but I don't know. The selection of which bytes to sniff predates me, and I don't know what the use cases are. > Otherwise, looks good to me. Thanks for the review! -- Gordon P. Hemsley m...@gphemsley.org http://gphemsley.org/ • http://gphemsley.org/blog/
[whatwg] [mimesniff] Review requested on MIME Sniffing Standard
Hey all, As you might have heard, I have taken over editorship of the MIME Sniffing Standard from Adam Barth. As a first step in my editorship, I have taken the opportunity to rewrite the document in a more procedural and modular way (IMO). The content and meaning itself is not supposed to have changed, and I need your help to verify that that is the case: http://mimesniff.spec.whatwg.org/ In addition, this now means that I am open to hearing your suggestions about how to improve the document beyond its current (i.e. former) semantics. You can file bugs here: https://www.w3.org/Bugs/Public/enter_bug.cgi?product=WHATWG&component=MIME As this document was originally an IETF document, there are also old issues here: http://trac.tools.ietf.org/wg/websec/trac/query?component=mime-sniff It's not clear to me which of those remain outstanding on the current version of the document, and it would be helpful to me if individuals with a vested interest in them could migrate them to Bugzilla (with updated descriptions that reflect the current state of the document). This will ensure that I address them in a timely manner. Also, it would be helpful if you could mark them as blocking the general bug here: https://www.w3.org/Bugs/Public/show_bug.cgi?id=19746 And if you want to follow the commits as they happen, you can follow @mimesniff on Twitter: https://twitter.com/mimesniff Thanks! Gordon -- Gordon P. Hemsley m...@gphemsley.org http://gphemsley.org/ • http://gphemsley.org/blog/