Re: [whatwg] behavior

Fri, 16 Oct 2009 15:04:29 -0700

On Fri, Oct 16, 2009 at 5:56 PM, Ben Laurie <b...@google.com> wrote:
> On Fri, Oct 16, 2009 at 5:48 PM, Boris Zbarsky <bzbar...@mit.edu> wrote:
>> This is, imo, a much bigger problem than that of people embedding content
>> from an untrusted site and getting content X instead of content Y,
>> especially because content X can't actually access the page that contains
>> it, right?
>
> Flash can, for example.

If Flash can do bad things, then sourcing Flash from an untrusted site
and getting malicious Flash with the expected MIME type doesn't seem
like it's any better than getting malicious Quicktime or Java or
whatever via a switched MIME type.  Is there something I'm missing?

Mike

Reply via email to