We trust the MIME type sent by the browser. So at the moment it is garbage in, garbage out.
If it is only a case of text/plain being sent as text/html, can we special-case this in the Librarian? I can't think of a use case where we *want* to store HTML in the Librarian and have it served up as HTML. So we can make the Librarian serve HTML MIME types as text/plain or, better yet, store them in the database as text/plain on upload. I think we need to do this one day anyway, as if the Librarian starts doing authentication it will become a source of attacks.
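
A sketch of the "store as text/plain on upload" option from the comment above, as an added example rather than the Librarian's own code. The function name, the set of types treated as HTML and the `application/octet-stream` fallback for unparseable values are assumptions.

```python
import re

# Assumption: declared types that a browser would render as HTML.
HTML_TYPES = {"text/html", "application/xhtml+xml"}
# Assumption: what to store when the declared value is missing or malformed.
FALLBACK = "application/octet-stream"

# type/subtype built from a conservative subset of RFC 7231 token characters.
_MIME_RE = re.compile(r"[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+")
# Only a simple charset token is carried over; other parameters are dropped.
_CHARSET_RE = re.compile(r'charset\s*=\s*"?([a-z0-9._-]+)"?', re.IGNORECASE)


def normalise_upload_mime(declared):
    """Return the Content-Type to store for an upload.

    The browser-supplied value is treated as untrusted input: it is
    parsed, validated, and any HTML type is downgraded to text/plain
    so the stored file is never served back as active content.
    """
    if not declared:
        return FALLBACK

    mime, _, params = declared.partition(";")
    mime = mime.strip().lower()
    if not _MIME_RE.fullmatch(mime):
        return FALLBACK

    if mime in HTML_TYPES:
        mime = "text/plain"

    match = _CHARSET_RE.search(params)
    if match:
        return "%s; charset=%s" % (mime, match.group(1).lower())
    return mime


if __name__ == "__main__":
    # Constructed sample values, not taken from real uploads.
    for value in ("text/html", "TEXT/HTML; Charset=UTF-8", "image/png", ""):
        print(repr(value), "->", normalise_upload_mime(value))
```

Rewriting the type at upload time means every later consumer of the stored record sees the safe value, which is why the comment prefers it over rewriting at serve time.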