Re: [webkit-dev] Adding 'X-Content-Type-Options: nosniff' support for scripts.

2013-02-07 Thread Mike West 
(resending from the correct address)

I just checked
http://philip.html5.org/tests/ie8/cases/content-type-nosniff.html in IE10,
and '
http://philip.html5.org/tests/ie8/cases/resources/script_as_text_plain_nosniff'
is blocked as expected. It looks like they resolved the issues they faced
without changing the behavior significantly.

-mike

-Mike


On Thu, Feb 7, 2013 at 10:17 AM, Mike West  wrote:

> I just checked
> http://philip.html5.org/tests/ie8/cases/content-type-nosniff.html in
> IE10, and '
> http://philip.html5.org/tests/ie8/cases/resources/script_as_text_plain_nosniff'
> is blocked as expected. It looks like they resolved the issues they faced
> without changing the behavior significantly.
>
> -mike
>
> --
> Mike West , Developer Advocate
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
>
> On Wed, Feb 6, 2013 at 7:19 PM, Adam Barth  wrote:
>
>> We should check whether IE still have that behavior (i.e., in the
>> latest version of IE).  I remember them running into some
>> compatibility problems with that aspect of nosniff, and I'm not sure
>> if they resolved those issue via evangelism or by adopting our
>> behavior.
>>
>> Adam
>>
>>
>> On Wed, Feb 6, 2013 at 1:33 AM, Mike West  wrote:
>> > Continuing my trend of digging up old threads, I'd like to implement
>> support
>> > for 'X-Content-Type-Options: nosniff' when processing script, as
>> discussed
>> > way back in 2011:
>> > https://lists.webkit.org/pipermail/webkit-dev/2011-November/018557.html
>> .
>> >
>> > This should be a pretty small patch[1], but because support might
>> require
>> > work outside WebKit, I'll implement it behind an ENABLE_NOSNIFF flag[2].
>> >
>> > Thanks!
>> >
>> > [1]: https://bugs.webkit.org/show_bug.cgi?id=71851
>> > [2]: https://bugs.webkit.org/show_bug.cgi?id=109029
>> >
>> > -mike
>> >
>> > ___
>> > webkit-dev mailing list
>> > webkit-dev@lists.webkit.org
>> > https://lists.webkit.org/mailman/listinfo/webkit-dev
>> >
>>
>
>
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Adding 'X-Content-Type-Options: nosniff' support for scripts.

2013-02-06 Thread Adam Barth 
We should check whether IE still have that behavior (i.e., in the
latest version of IE).  I remember them running into some
compatibility problems with that aspect of nosniff, and I'm not sure
if they resolved those issue via evangelism or by adopting our
behavior.

Adam


On Wed, Feb 6, 2013 at 1:33 AM, Mike West  wrote:
> Continuing my trend of digging up old threads, I'd like to implement support
> for 'X-Content-Type-Options: nosniff' when processing script, as discussed
> way back in 2011:
> https://lists.webkit.org/pipermail/webkit-dev/2011-November/018557.html.
>
> This should be a pretty small patch[1], but because support might require
> work outside WebKit, I'll implement it behind an ENABLE_NOSNIFF flag[2].
>
> Thanks!
>
> [1]: https://bugs.webkit.org/show_bug.cgi?id=71851
> [2]: https://bugs.webkit.org/show_bug.cgi?id=109029
>
> -mike
>
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

[webkit-dev] Adding 'X-Content-Type-Options: nosniff' support for scripts.

2013-02-06 Thread Mike West 
Continuing my trend of digging up old threads, I'd like to implement
support for 'X-Content-Type-Options: nosniff' when processing script, as
discussed way back in 2011:
https://lists.webkit.org/pipermail/webkit-dev/2011-November/018557.html.

This should be a pretty small patch[1], but because support might require
work outside WebKit, I'll implement it behind an ENABLE_NOSNIFF flag[2].

Thanks!

[1]: https://bugs.webkit.org/show_bug.cgi?id=71851
[2]: https://bugs.webkit.org/show_bug.cgi?id=109029

-mike
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev