On 12/30/2002 7:00 PM Nelson B. Bolyard cranked up the brainbox and said: > Grey Hodge / jesus X wrote: > Fake/alter? The MIME content type is, by definition, the correct type that > the browser should honor. It is possible for the MIME content type to > differ from Windows association with the file name extension. That is not > a "fake" content type, and in such cases, the corrent standards-compliant > behavior is to obey the MIME content type, not the file name extension.
Yes yes, by all means let's go nuts on a word. This way we can post many messages and feel good about ourselves. Ignore fake and just keep the wod alter in there, mkay? The meaning stays the same. > The way to do it (on Windows) is to lookup the MIME content type in the > registry (assuming it's not one that mozilla overrides), find the command > used to open that type, and then run that command, passing the (temp) file > name as the appropriate argument (e.g. as %1). Which can be exploited. Passing a VBS to whatever may be associated is just as bad as passing it right to Windows, regardless of ti's name. Readme.txt is perfectly benign, unless it's forced into the role of an EXE or VBS because someone passed an executable or VBS mimetype. > They don't need to be visible if they have no role in deciding the > disposition of the file. Standards-compliant browser behavior is to > handle the file per its MIME content type. So, the thing the user needs > to see is the MIME content type. In your opinion. To the rest of us in teh real world, where Windows doesn't give a hoot about MIME types, we need to see the extension. -- jesus X [ Booze-fueled paragon of pointless cruelty and wanton sadism. ] email [ jesus_x @ mozillanews.org ] web [ http://www.mozillanews.org ] query [ And which parallel universe did you crawl out of? ] warning [ Go away or I shall replace you with a very small shell script. ]
