#21: sniffing of text/html shouldn't override polyglot label of
application/xhtml+xml
(I have to double check that this is true):
In general, "sniffing" is dangerous in "polyglot" cases where the same
content CAN be served with different media types, where the meaning is the
same or related.
For example, there are types for packaged formats that use ZIP and thus
have the ZIP magic number but aren't served as ZIP, text/plain is
sometimes used to deliver examples of otherwise mal-formed XML, etc.
It would seem better to discourage sniffing in cases where the content is
valid for the type that it's actually labeled, and to treat that as a
special case.
(One still might want to sniff text/html when the type is labeled
text/plain, for example, but not for other polyglot cases.)
--
------------------------+--------------------------------------------
Reporter: masinter@… | Owner: draft-ietf-websec-mime-sniff@…
Type: defect | Status: new
Priority: major | Milestone:
Component: mime-sniff | Version:
Severity: - | Keywords:
------------------------+--------------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/21>
websec <http://tools.ietf.org/websec/>
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
