[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing
Gordon P. Hemsley
gphemsley at gmail.com
Wed Nov 28 23:07:29 PST 2012
On Thu, Nov 29, 2012 at 1:30 AM, Gordon P. Hemsley <gphemsley at gmail.com> wrote:
> Based on my reading of the source code, it seems that Gecko treats a
> resource served as 'application/octet-stream' as an unknown type which
> is sniffed as if no Content-Type was specified.
Oh, wait, I forgot what I was reading—Gecko does this specifically in
the context of sniffing for an audio or video resource. So, if a
resource tagged as 'application/octet-stream' is included in <audio>
or <video>, for example, it will be treated as unknown for the
purposes of identifying its true nature. This never follows a path of
scriptable privilege escalation, AFAICT.
So perhaps a more useful question would be what to do in situations
like that—should mimesniff treat "application/octet-stream" as a type
"supported by the browser" for the purposes of sniffing images, audio
or video, fonts, or other media types?
I imagine this ties in, too, to the issues with sniffing CSS files
that has been raised elsewhere:
https://bugzilla.mozilla.org/show_bug.cgi?id=560388
https://bugzilla.mozilla.org/show_bug.cgi?id=562377
https://bugzilla.mozilla.org/show_bug.cgi?id=808593
--
Gordon P. Hemsley
me at gphemsley.org
http://gphemsley.org/ • http://gphemsley.org/blog/
More information about the whatwg
mailing list