[whatwg] <object> behavior
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Sep 15 05:53:40 PDT 2009
Ian Hickson wrote:
>> Since the whole point of text/plain sniffing is a workaround around a
>> known issue where content is reliably mis-marked as text/plain, and
>> since in this case there is a source of MIME information that's more
>> reliable than that, it's not clear to me why we want to continue
>> sniffing.
>>
>> Of course if there is no @type there is no problem; I'm specifically
>> concerned about the @type="text/plain" case here.
>
> What exactly are you proposing here?
>
> - Always honour type="" if it's a UA-supported type, ignoring server-
> provided content-type?
> - Always honour type="" without sniffing if it matches the server-
> provided content-type, even if normally that type would be sniffed?
> - Just honour type="text/plain" regardless of the server type, but for
> other UA-supported type=""s, use the server type?
My suggestion is to only perform text/plain "is this text or binary"
sniffing where it belongs: on the HTTP level; since it's a workaround
for a particular HTTP server bug. It shouldn't affect other type metadata.
Perform the sniffing such that it detects as either text/plain or
application/octet-stream.
Then if it's application/octet-stream we'll end up using the @type.
Though see below on other sniffing issues.
This does fail to sniff text/plain as the various "non-scriptable"
types, but I question how desirable that is anyway, honestly. If we
want to preserve this property without clobbering @type="text/plain"
then I need to think a bit more about how to specify the behavior here.
Maybe your option 2 is what would give that behavior... I can work
through it if you'd like.
Your option 1 would be ok if that's what we want (but a change from
HTML4 and what UAs at least _try_ to implement now; I'm not sure whether
it's desirable on its own). Your option 3 is a bit too magic for
text/plain in @type; unnecessarily so unless we want to go the full
option 1 route. All in my opinion, of course.
>> My concern about text/plain data being sniffed as text/html by your
>> current algorithm (even with the changes you've made) seems to remain
>> unaddressed.
>
> I thought I had. Can you walk me through how anything labeled text/plain
> could get sniffed as text/html with the new text?
Hmm. Assume the type attribute is not set and HTML data is sent as
text/plain and contains a "binary byte" in the first 512 bytes (can just
stick it in the <title> or something). Also assume no plug-in claims to
support the URI's file extension.
At step 3, the resource type is set to text/plain.
At step 4, the resource type is sniffed as application/octet-stream,
since text/html is marked as scriptable in [MIMESNIFFF].
At step 5, there is no @type, and the resource type is
application/octet-stream, so the resource type is changed to unknown.
At step 6, nothing changes since there is no plug-in supporting the
URI's file extension.
At step 7, the resource type is "unknown", so it is changed to the
"sniffed type of the resource".
Maybe I simply misunderstood this last reference, by way of contrasting
it with what step 4 says and you mean to apply the full sniffing
algorithm, including the special-cases for text/plain, and not just
section 5 of [MIMESNIFF]. In that case there wouldn't be a problem (the
data would get sniffed as application/octet-stream). That wasn't quite
clear, but I can see now that this is probably what you meant.
-Boris
More information about the whatwg
mailing list