Why is this sniffing gone awry? Nothing bad seems to have happened in this example.
Adam

On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <[email protected]> wrote:
> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
> <http://lcamtuf.coredump.cx/squirrel/>
>
> It's a valid JPEG image that contains an HTML snippet in a comment segment.
> As a result, when a browser loads the URL expecting an image, it renders the
> image content, and when it expects HTML, it skips the binary junk at the top
> and renders the HTML [*]. (In both cases, the server reports Content-Type
> text/html.) What's even more startling is that Chrome helpfully adds the
> binary junk at the top as the first child of the <body> element in the parsed
> DOM!
>
> --Richard
>
>
> [*] At least in Chrome 20.0.1132.47
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
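
The file described in the quoted message carries HTML inside a JPEG comment (COM) segment. As an added example that is not part of the thread, the check below walks a JPEG's segments and flags COM payloads that look like HTML, the kind of test an upload filter could run before serving user images; the function names, hint list and sample bytes are constructed for illustration.

```python
import struct

# Markers that carry no length field: TEM, RST0-7, SOI, EOI
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
HTML_HINTS = (b"<html", b"<body", b"<script", b"<!doctype", b"<iframe", b"<img")

def jpeg_comments(data):
    """Yield the payload of each COM (0xFFFE) segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte preceding a marker
            pos += 1
            continue
        pos += 2
        if marker in STANDALONE:
            if marker == 0xD9:          # EOI: end of image
                return
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        if marker == 0xFE:              # COM: free-form bytes, ignored by decoders
            yield data[pos + 2:pos + length]
        if marker == 0xDA:              # SOS: entropy-coded data follows, stop
            return
        pos += length

def html_in_comments(data):
    """Return the COM payloads that contain HTML-looking tags."""
    return [c for c in jpeg_comments(data)
            if any(h in c.lower() for h in HTML_HINTS)]

def _sample(comment):
    # Constructed input: SOI, one COM segment, EOI (not a displayable image).
    return (b"\xff\xd8\xff\xfe" + struct.pack(">H", len(comment) + 2)
            + comment + b"\xff\xd9")

POLYGLOT = _sample(b"<HTML><body><h1>hello</h1></body></HTML>")
PLAIN = _sample(b"Created with ExampleTool")
```

A hit only says the comment segment resembles markup; whether a browser renders it as HTML still depends on the Content-Type the server reports and on the browser's sniffing behaviour.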
