On Fri, 25 May 2007, Gervase Markham wrote:
> The plain fact is that the only way for the sensible mitigation strategy 
> to work is for the browser to respect what the server tells it. Perhaps 
> we should invent a new header, 
> Really-Honestly-The-Content-Type-I-Promise, which browsers were forced 
> to respect? <sigh>

That's what Content-Type was. Why would Content-Type-2 be any more likely 
to be respected than Content-Type?

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Reply via email to