(It seems I somehow managed to not send this to the list the first
time around. Addendum included.)

On Tue, Dec 4, 2012 at 2:40 AM, Adam Barth <w...@adambarth.com> wrote:
> On Mon, Dec 3, 2012 at 12:39 PM, Julian Reschke <julian.resc...@gmx.de> wrote:
>> On 2012-11-29 20:25, Adam Barth wrote:
>>> These are supported in Chrome.  That's what causes the download.  From
>>
>> Can you elaborate about what you mean by "supported"? Chrome sniffs for the
>> type, and then offers to download as a result of that sniffing? How is that
>> different from not sniffing in the first place?
>
> They might otherwise be treated as a type that can be displayed
> (rather than downloaded).

But isn't the whole point of the spec to eliminate such accidental
sniffing? Anything not explicitly sniffed based on the first bytes of
the file will be assumed to be either 'application/octet-stream' or
'text/plain', depending on whether there are binary bytes present.

The old IE behavior that you were investigating in your 2009 paper,
where you sniff beyond the first few bytes to find embedded HTML, is
eliminated with this sniffing algorithm. There is no case where you
would accidentally sniff something as scriptable, if you were
following the algorithm correctly.

Or am I missing something?

P.S.

Note also that I have previously defined what it means to be
"supported by the user agent":

"A valid media type is supported by the user agent if the user agent
has the capability to interpret a resource of that media type and
present it to the user."

http://mimesniff.spec.whatwg.org/#supported-by-the-user-agent

-- 
Gordon P. Hemsley
m...@gphemsley.org
http://gphemsley.org/http://gphemsley.org/blog/

Reply via email to