On 9/2/10 3:53 PM, Aryeh Gregor wrote:
Why is it not a problem if there are suddenly use cases that are impossible
because the browser will ignore the author's intent?

Which use-cases?

Well, serving up data as text/plain for it to be readable is one. I agree that for the specific case of <video> this is not a big deal.

Okay, but we're talking about standardizing sniffing in a spec.  As
long as browsers' behavior in processing a given resource is
well-defined and reliable, a proxy could work fine by just
implementing the same algorithm.  There's no reason that the proxy has
to only look at MIME types, is there?  It simplifies the proxy a bit,
but not much.  It will already have to do some content sniffing to
identify what content is dangerous, unless it's just going to block
everything of that file type (which I'm assuming isn't the case).

Why are you assuming that?

There are proposals for standardizing several different types of sniffing, with the one used being context-dependent. A proxy wouldn't have the context.

It can all be made to work by erring on the side of blocking more stuff, but then you get to the point where the proxy makes it impossible to use the browser altogether, and then it's not a viable solution to the problem at hand.

Put another way: the problem here is not that browsers sniff.  It's
that browsers don't behave interoperably or predictably.  Speccing a
precise sniffing algorithm that everyone's willing to follow allows
proxies to reliably know what browsers will do with it.  What will
cause problems is what you seem to be arguing for -- *not* speccing
sniffing

Er... Where did I propose this? I proposed speccing that there MUST NOT be any sniffing, with browsers that sniff therefore being nonconformant. I didn't propose allowing ad-hoc sniffing.

For the use-case of filtering
exploits, it doesn't really matter what the behavior is, so long as
it's consistent.

Only if "consistent" includes "consistent across all contexts".... (which no one is proposing to either specify or implement).

-Boris
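
The point above about context-dependent sniffing and a proxy that lacks the context, as an added example that is not part of the original thread or of any spec. The context names, the sniffing rules and the blocked set are simplified assumptions made up for this illustration.

```python
# Constructed, simplified sniffing rules; not the algorithm of any spec or browser.
def _is_html(head):
    return head.lstrip().lower().startswith((b"<!doctype html", b"<html", b"<script"))

MATCHERS = {
    "video/ogg": lambda head: head.startswith(b"OggS"),
    "video/webm": lambda head: head.startswith(b"\x1a\x45\xdf\xa3"),
    "text/html": _is_html,
}

# Hypothetical contexts and the types each one is willing to sniff for.
CONTEXT_SNIFFS = {
    "video-element": ("video/ogg", "video/webm"),
    "navigation": ("text/html",),
    "no-sniff": (),
}

def sniff(body, declared, context, contexts=CONTEXT_SNIFFS):
    """Type a browser following these rules would use for body in this context."""
    head = body[:512]
    for mime in contexts[context]:
        if MATCHERS[mime](head):
            return mime
    return declared  # nothing matched: the declared type stands

def proxy_possible_types(body, declared, contexts=CONTEXT_SNIFFS):
    """A proxy sees bytes and headers but not the context, so it has to
    consider the outcome in every context the browser might use."""
    return {sniff(body, declared, ctx, contexts) for ctx in contexts}

def proxy_allows(body, declared, blocked=frozenset({"text/html"}),
                 contexts=CONTEXT_SNIFFS):
    """Allow the response only if no context can produce a blocked type."""
    return not (proxy_possible_types(body, declared, contexts) & blocked)

# Constructed sample responses.
SOURCE_LISTING = b"<script>/* constructed sample served as readable text */</script>"
OGG_FILE = b"OggS" + bytes(28)

if __name__ == "__main__":
    for ctx in CONTEXT_SNIFFS:
        print(ctx, "->", sniff(SOURCE_LISTING, "text/plain", ctx))
    # Context-dependent rules: the proxy must block the text/plain listing.
    print("allowed with contexts:", proxy_allows(SOURCE_LISTING, "text/plain"))
    # One rule for all contexts (here: no sniffing): the proxy's answer is exact.
    print("allowed with no sniffing:",
          proxy_allows(SOURCE_LISTING, "text/plain", contexts={"no-sniff": ()}))
```
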
