On Mon, May 12, 2014 at 4:17 PM, Ian Hickson <i...@hixie.ch> wrote:
> On Mon, 12 May 2014, Eduardo' Vela\" <Nava> wrote:
>> Now, with appcache manifest files, we are introducing a
>> security-sensitive change based on a file with special powers (more on
>> this later), and while before they were guarded by a Content-Type check,
>> this isn't the case anymore.
>
> Note that there _is_ still a content type check with appcache, it's just
> done on the first few bytes of the file instead of on the metadata. (This
> is IMHO how all file typing should work.)

There's a big difference between the first few bytes of a file and the
Content-Type HTTP header.  In many scenarios, the former is under the
control of an attacker when the latter is not.

Adam

Reply via email to