[whatwg] Style sheet loading and parsing (over HTTP)
Gervase Markham
gerv at mozilla.org
Fri May 25 02:41:52 PDT 2007
Jon Barnett wrote:
> I would propose that the "type" attribute be more meaningful on, for
> example, the <a> element and the <object> element:
> - If the "type" attribute is present, the UA must use its value as the
> value of the Accept request header when requesting a resource
This does not help in the scenario I mention because the link which is
used is in the spammer's email - and they are unlikely to be so obliging
as to set the "type" attribute correctly to warn Bugzilla.
The plain fact is that the only way for the sensible mitigation strategy
to work is for the browser to respect what the server tells it. Perhaps
we should invent a new header,
Really-Honestly-The-Content-Type-I-Promise, which browsers were forced
to respect? <sigh>
> That would allow, for example, Bugzilla to use <a type="text/plain">
> when linking to an attachment without fear that the attachment might be
> sniffed as text/html.
See above.
Gerv
More information about the whatwg
mailing list