Comment 7 for bug 34758

Revision history for this message
Stuart Bishop (stub) wrote : Re: librarian will set type to text/html though it should be text/plain

We trust the mime type sent by the browser. So at the moment it is garbage in, garbage out.

If it is only a case of text/plain being sent as text/html, can we special case this in the Librarian? I can't think of a use case where we *want* to store HTML in the Librarian and have it served up as HTML. So we can make the Librarian serve HTML mime types as text/plain or better yet store them in the database as text/plain on upload. I think we need to do this one day anyway, as if the Librarian starts doing authentication it will become a source of attacks.