Re: [Wikitech-l] IE 6/7 MIME type sniffing checks on uploads - is it time to retire them?

On Mon, Jan 28, 2019 at 10:58 PM Kunal Mehta wrote: > Tim wrote a nice blog post about how he reverse-engineered this: > . > > I don't have any comments on whether it's still needed, but if it's > determined that MediaWiki can drop the

Re: [Wikitech-l] IE 6/7 MIME type sniffing checks on uploads - is it time to retire them?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On 1/28/19 3:58 PM, Brion Vibber wrote: > Years ago, we added security checks for IE 5/6/7 to work around > IE's mime type sniffing: if you went to view a .png file directly > in IE (as opposed to in an ) the browser would check the first > few

[Wikitech-l] IE 6/7 MIME type sniffing checks on uploads - is it time to retire them?

There's been some comments on some old tasks such as T27707 about problems with uploading files that include text metadata that looks like HTML elements. Years ago, we added security checks for IE 5/6/7 to work around IE's mime type sniffing: if you went