<hat="individual">
I tend not to agree with that.
The fact that charset sniffing might happen at the same time as
mime-sniffing does not seem like a strong argument to include this in
the draft.
Furthermore I would rather have these issues separate:
First you determine the content-type and then after that you may want to
determine the charset used within that content-type (if you really have
to sniff the charset). I can also imagine that charset sniffing
algorithm might be depending on the application identified by the
sniffed mime-type, which again would speak against throwing it in
together with mime-sniffing....
Kind regards, Tobias
On 24/10/11 00:55, websec issue tracker wrote:
#22: content-type sniffing should include charset sniffing
the HTML5 spec contains some algorithms for sniffing charset, overriding
labeled charset, etc.
MIME parameters like charset are as much a part of the content-type as the
base internet media type, and any sniffing of parameters and other
metadata (overriding content-type or guessing where it is not supplied or
wrong) should be included in this document, since the sniffing will happen
at the same time.
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
