[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing
Boris Zbarsky
bzbarsky at MIT.EDU
Wed Nov 28 22:48:46 PST 2012
On 11/29/12 1:30 AM, Gordon P. Hemsley wrote:
> Based on my reading of the source code, it seems that Gecko treats a
> resource served as 'application/octet-stream' as an unknown type which
> is sniffed as if no Content-Type was specified.
Only for media (<video> and <audio>) loads. Note that the HTML spec
requires this behavior for those.
> Are there security implications with doing this?
In general, yes. Doing this for document loads would be a security
nightmare, for example.
-Boris
More information about the whatwg
mailing list