Issue 3859: Investigate extension matching, instead of content sniffing, for FTP resources http://code.google.com/p/chromium/issues/detail?id=3859
New issue report by lcamtuf: When receiving a file over FTP, Chrome currently treats it the same as a case of a HTTP resource received with no Content-Type headers, and indulges in content sniffing without paying any attention to file extensions. This means that .TXT or .EXE files may be - quite confusingly and counterintuitively - rendered as HTML when accessed over ftp://. Although it makes sense from a technical standpoint, it violates the principle of least astonishment. A different, more reasonable logic is applied to local files, where extensions are taken into account. The same behavior is followed by MSIE, Firefox, and Safari. Opera performs extension matching, however. Since Opera behavior is more intuitive, we should investigate making this a default, time permitting. It appears to pose a very low risk of breaking anything. The problem got reported as a security issue, but I don't believe it is one: http://packetstormsecurity.nl/0810-exploits/firefox-check.txt Issue attributes: Status: Untriaged Owner: lcamtuf CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Labels: Type-Bug OS-All Pri-3 Type-Bug Area-Misc -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to chromium-bugs@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
