This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Related to IETF websec Issue #21: http://trac.tools.ietf.org/wg/websec/trac/ticket/21

Like XML, there are a number of ZIP-based file formats that will be sniffed as ZIP if not handled carefully. In general, this is not a particularly bad thing, but it would be better to sniff files accurately than "good enough".

Currently, XML-based types are not sniffed like regular types, which is made easy by the fact that XML-based types are generally labeled as such. We could do the same for ZIP-based types, but the exception list will be longer, because not all ZIP-based types are explicitly labeled as such.

There is work being done to introduce a "+zip" suffix, but it is not clear whether any existing media type uses it yet: http://tools.ietf.org/html/draft-ietf-appsawg-media-type-suffix-regs (Suffix registration in general is covered here: http://tools.ietf.org/html/draft-ietf-appsawg-media-type-regs)

The IE9 changelog notes a number of file extensions (and, thereby, file formats) which are ZIP-based: [".zipx", "accdt", "crtx", "docm", "docx", "dotm", "dotx", "gcsx", "glox", "gqsx", "potm", "potx", "ppam", "ppsm", "ppsx", "pptm", "pptx", "sldx", "thmx", "vdw", "xlam", "xlsb", "xlsm", "xlsx", "xltm", "xltx"]
http://blogs.msdn.com/b/ieinternals/archive/2011/02/11/ie9-release-candidate-minor-changes-list.aspx

This is likely not an exhaustive list.
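The labeled-type exception proposed in the report above, as an added sketch that is not part of the original bug report or of any browser's code. The sniffer is reduced to a single ZIP signature check; the function names, the short ZIP_BASED_TYPES sample and the "+zip" test are assumptions for illustration, and the sample file is constructed in memory.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature at offset 0

DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
# Assumption: a small sample of media types for ZIP-based formats.
# The report lists file extensions only and notes its list is not exhaustive.
ZIP_BASED_TYPES = {
    DOCX,
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
}

def is_xml_type(mime):
    return mime.endswith("+xml") or mime in ("text/xml", "application/xml")

def is_zip_based_type(mime):
    # "+zip" is the suffix the report says was still being registered.
    return mime.endswith("+zip") or mime in ZIP_BASED_TYPES

def sniff_magic(data):
    """Simplified sniffer: recognises only the ZIP signature."""
    return "application/zip" if data.startswith(ZIP_MAGIC) else None

def computed_type(supplied, data, honor_zip_labels):
    """Return the type a consumer would act on for this label and body."""
    supplied = supplied.strip().lower()
    if is_xml_type(supplied):
        return supplied  # existing behaviour: labeled XML types are not sniffed
    if honor_zip_labels and is_zip_based_type(supplied):
        return supplied  # proposed: the same exception for labeled ZIP-based types
    return sniff_magic(data) or supplied

def make_constructed_docx():
    """Constructed sample: a minimal container with a .docx-like layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    body = make_constructed_docx()
    for label in (DOCX, "application/octet-stream"):
        for honor in (False, True):
            print(label, honor, "->", computed_type(label, body, honor))
```

The application/octet-stream case still comes out as application/zip with the exception enabled, which is the gap the report points to when it says not all ZIP-based types are explicitly labeled.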
I'm not convinced we should expand sniffing necessarily. If you feel strongly let's discuss it in a new issue over at https://github.com/whatwg/mimesniff.