Finn Årup Nielsen wrote: > On Wed, 2011-08-10 at 17:39 +0200, Daniel Friesen wrote: > >> MediaWiki does not permit this because allowing random people to create >> pages and have them returned to a user with a text/html or other >> mimetype creates XSS vectors and ways of distributing malware. > > Yes, I that is right, but I suppose that "text/csv" mimetype would be > safe? > > /Finn
It _seems_ to be safe, both looking at the Media Type Sniffing specification, and our IEContentAnalyzer rewritten from the dread IE sniffing. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l