On Mon, May 12, 2014 at 4:17 PM, Ian Hickson <i...@hixie.ch> wrote: > On Mon, 12 May 2014, Eduardo' Vela\" <Nava> wrote: >> Now, with appcache manifest files, we are introducing a >> security-sensitive change based on a file with special powers (more on >> this later), and while before they were guarded by a Content-Type check, >> this isn't the case anymore. > > Note that there _is_ still a content type check with appcache, it's just > done on the first few bytes of the file instead of on the metadata. (This > is IMHO how all file typing should work.)
There's a big difference between the first few bytes of a file and the Content-Type HTTP header. In many scenarios, the former is under the control of an attacker when the latter is not. Adam
