[whatwg] [mimesniff] Sniffing archives

Gordon P. Hemsley gphemsley at gmail.com
Wed Dec 5 12:31:26 PST 2012


(It seems I somehow managed to not send this to the list the first
time around. Addendum included.)

On Tue, Dec 4, 2012 at 2:40 AM, Adam Barth <w3c at adambarth.com> wrote:
> On Mon, Dec 3, 2012 at 12:39 PM, Julian Reschke <julian.reschke at gmx.de> wrote:
>> On 2012-11-29 20:25, Adam Barth wrote:
>>> These are supported in Chrome.  That's what causes the download.  From
>>
>> Can you elaborate about what you mean by "supported"? Chrome sniffs for the
>> type, and then offers to download as a result of that sniffing? How is that
>> different from not sniffing in the first place?
>
> They might otherwise be treated as a type that can be displayed
> (rather than downloaded).

But isn't the whole point of the spec to eliminate such accidental
sniffing? Anything not explicitly sniffed based on the first bytes of
the file will be assumed to be either 'application/octet-stream' or
'text/plain', depending on whether there are binary bytes present.

The old IE behavior that you were investigating in your 2009 paper,
where you sniff beyond the first few bytes to find embedded HTML, is
eliminated with this sniffing algorithm. There is no case where you
would accidentally sniff something as scriptable, if you were
following the algorithm correctly.

Or am I missing something?

P.S.

Note also that I have previously defined what it means to be
"supported by the user agent":

"A valid media type is supported by the user agent if the user agent
has the capability to interpret a resource of that media type and
present it to the user."

http://mimesniff.spec.whatwg.org/#supported-by-the-user-agent

-- 
Gordon P. Hemsley
me at gphemsley.org
http://gphemsley.org/http://gphemsley.org/blog/



More information about the whatwg mailing list