[whatwg] MIME Sniffing spec - http://mimesniff.spec.whatwg.org/

Boris Zbarsky bzbarsky at MIT.EDU
Sat Oct 22 07:53:11 PDT 2011


On 10/22/11 6:09 AM, Daniel Glazman wrote:
>>> text/plain; charset=iso-8859-1
>>>
>>> This is wrong. Nothing in the MIME or the HTTP specs says such a
>>> whitespace is mandatory. Whitespace is explicitely forbidden between
>>> type and subtype, between parameter-name and parameter-value, but that's
>>> all. AFAIC, |text/plain;charset=iso-8859-1| is perfectly valid and
>>> |text/plain ; charset=iso-8859-1| is perfectly valid too.
>>
>> We do not want to sniff text/plain more than strictly necessary.
>
> Sorry, I don't understand that answer, what do you mean exactly ?

Normally, when a browser receives a header of the form "text/plain ...." 
where ... is anything, it should treat the page as text-plain.

However, there is a known bug in old Apache installations where Apache 
defaulted to sending a type of "text/plain" or "text/plain; 
charset=iso-8859-1" or "text/plain; charset=ISO-8859-1" or "text/plain; 
charset=UTF8" (depending on the installation) any time it didn't know 
what type of data the file was.

Therefore, it is fairly common for random binary files to be served with 
those 4 exact header values.  Thus, if those _exact_ strings are 
encountered the UA needs to sniff to make sure it's not actually binary.

> If I read the document correctly, UAs are going to fallback to complex
> type detection with perf and time cost just because the content-type
> detection did not honour the potential presence of whitespace ???
> Really ?

You read it wrong.  If the whitespace doesn't match the exact values in 
the table, the UA will just treat the page as text/plain.  It's only 
when the header value is exactly one of the 4 in the table that the UA 
will go into http://mimesniff.spec.whatwg.org/#text-or-binary

-Boris



More information about the whatwg mailing list