<hat="individual">
Am not sure I understand this issue:
- in which way is it more certain that there is no mislabeled PDF than a
mislabeled jpg or mislabeled rtf?
- what about scenarios in which there is no content-type (e.g. ftp,
filesystem), should in this case sniffing not be done?
Kind regards, Tobias
On 24/10/11 00:43, websec issue tracker wrote:
#19: Do not sniff PDF
There should be a strong advice not to sniff PDF -- if the data is
mislabeled as something else, then sending it to a PDF interpreter is
likely just an error.
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
