Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Browsers ignore tag-terminating byte when sniffing scriptable patterns #154

Open
GPHemsley opened this issue Sep 4, 2021 · 1 comment
Open

Browsers ignore tag-terminating byte when sniffing scriptable patterns #154

GPHemsley opened this issue Sep 4, 2021 · 1 comment
Labels
topic: mime type sniffing

Comments

@GPHemsley
Copy link
Member

The way the rules for identifying an unknown MIME type are supposed to work is that only the patterns listed in the table are allowed to be sniffed, including the tag-terminating byte of either space or closing angle bracket. However, both Firefox and Chrome ignore the tag-terminating byte in apparently all instances listed in the table.

This is either a security risk in the browsers, or we should update mimesniff to remove the requirement.
@GPHemsley
Copy link
Member Author

Actually, Firefox prompts for download in a number of strange cases where the options should be either text/html or text/plain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: mime type sniffing
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GPHemsley