[whatwg] [mimesniff] Treating application/octet-stream as unknown for sniffing

Gordon P. Hemsley gphemsley at gmail.com
Wed Nov 28 23:07:29 PST 2012

On Thu, Nov 29, 2012 at 1:30 AM, Gordon P. Hemsley <gphemsley at gmail.com> wrote:
> Based on my reading of the source code, it seems that Gecko treats a
> resource served as 'application/octet-stream' as an unknown type which
> is sniffed as if no Content-Type was specified.

Oh, wait, I forgot what I was reading—Gecko does this specifically in
the context of sniffing for an audio or video resource. So, if a
resource tagged as 'application/octet-stream' is included in <audio>
or <video>, for example, it will be treated as unknown for the
purposes of identifying its true nature. This never follows a path of
scriptable privilege escalation, AFAICT.

So perhaps a more useful question would be what to do in situations
like that—should mimesniff treat "application/octet-stream" as a type
"supported by the browser" for the purposes of sniffing images, audio
or video, fonts, or other media types?

I imagine this ties in, too, to the issues with sniffing CSS files
that has been raised elsewhere:


Gordon P. Hemsley
me at gphemsley.org

More information about the whatwg mailing list