- From: Henry S. Thompson <ht@inf.ed.ac.uk>
- Date: Sun, 06 Dec 2009 13:57:41 +0000
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Tim Berners-Lee <timbl@w3.org>, Jonathan Rees <jar@creativecommons.org>, David Booth <david@dbooth.org>, www-tag@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Julian Reschke writes:
>> ...
>> So, what's interesting about this to me is that
>> a) Adam Barth's current mime-sniff draft [1] rules it out (because
>> text/plain to text/html is classified as privilege escalation,
>> because text/html is 'scriptable');
>
> But as far as I understand it it *does* sniff text/plain as text/html
> in some cases (when certain control characters are found in the right
> place).
Please walk us through this path in the draft, because I just reviewed
it again and convinced myself that it couldn't happen.
ht
- --
Henry S. Thompson, School of Informatics, University of Edinburgh
Half-time member of W3C Team
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFLG7hVkjnJixAXWBoRApkfAJ9aCpffdBfkcv5cIwtq85isYf3I9gCbBpTE
0fqB1+kz6LclAIx8ZxZI7OE=
=3bZS
-----END PGP SIGNATURE-----
Received on Sunday, 6 December 2009 13:58:13 UTC