Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry: <http://lcamtuf.coredump.cx/squirrel/>
It's a valid JPEG image that contains an HTML snippet in a comment segment. As a result, when a browser loads the URL expecting an image, it renders the image content, and when it expects HTML, it skips the binary junk at the top and renders the HTML [*]. (In both cases, the server reports Content-Type text/html.)

What's even more startling is that Chrome helpfully adds the binary junk at the top as the first child of the <body> element in the parsed DOM!

--Richard

[*] At least in Chrome 20.0.1132.47
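A check for the kind of file described in this message, as an added example that is not part of the original post: it walks the JPEG header segments and reports comment (COM) or APPn segments whose payload contains HTML-like markup. The function names, the markup pattern and the sample byte strings are assumptions constructed for illustration.

```python
import re
import struct

# Markup tokens an HTML sniffer would act on (assumed, non-exhaustive list).
HTML_HINT = re.compile(rb"<\s*(?:!doctype|html|head|body|script|iframe|img|svg|a\s)", re.I)

def jpeg_segments(data):
    """Yield (marker, payload) for each header segment up to start-of-scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker, skip it
            pos += 1
            continue
        if marker in (0xD9, 0xDA):    # EOI or SOS: no more header segments
            return
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:  # standalone markers, no length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def html_in_metadata(data):
    """Return markers of COM/APPn segments whose payload looks like HTML."""
    hits = []
    for marker, payload in jpeg_segments(data):
        if (marker == 0xFE or 0xE0 <= marker <= 0xEF) and HTML_HINT.search(payload):
            hits.append(marker)
    return hits

def segment(marker, payload):
    """Build one length-prefixed JPEG segment (used for the samples below)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: header segments only, no real image data.
JFIF = segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + JFIF + segment(0xFE, b"created with example tool") + b"\xff\xd9"
POLYGLOT = b"\xff\xd8" + JFIF + segment(0xFE, b"<html><body>hello</body></html>") + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, [hex(m) for m in html_in_metadata(blob)])
```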
