[whatwg] Style sheet loading and parsing (over HTTP)

Gervase Markham gerv at mozilla.org
Fri May 25 02:41:52 PDT 2007

Jon Barnett wrote:
> I would propose that the "type" attribute be more meaningful on, for 
> example, the <a> element and the <object> element:
> - If the "type" attribute is present, the UA must use its value as the 
> value of the Accept request header when requesting a resource

This does not help in the scenario I mention because the link which is 
used is in the spammer's email - and they are unlikely to be so obliging 
as to set the "type" attribute correctly to warn Bugzilla.

The plain fact is that the only way for the sensible mitigation strategy 
to work is for the browser to respect what the server tells it. Perhaps 
we should invent a new header, 
Really-Honestly-The-Content-Type-I-Promise, which browsers were forced 
to respect? <sigh>

> That would allow, for example, Bugzilla to use <a type="text/plain"> 
> when linking to an attachment without fear that the attachment might be 
> sniffed as text/html.

See above.


More information about the whatwg mailing list