On Tue, Aug 21, 2007 at 04:04:52AM -0000, Stuart Bishop wrote:
> We trust the mime type sent by the browser. So at the moment it is
> garbage in, garbage out.
I wonder what's confusing Firefox, then. These files don't look like HTML
to file(1), for example.
Alexander, can you tell us how the detection works?
> If it is only a case of text/plain being sent as text/html, can we
> special case this in the Librarian? I can't think of a use case where we
> *want* to store HTML in the Librarian and have it served up as HTML. So
> we can make the Librarian serve HTML mime types as text/plain or better
> yet store them in the database as text/plain on upload. I think we need
> to do this one day anyway, as if the Librarian starts doing
> authentication it will become a source of attacks.
It seems like it should be possible to store HTML in the librarian and
record it as such, though I agree that it doesn't make sense to serve it
that way.
On Tue, Aug 21, 2007 at 04:04:52AM -0000, Stuart Bishop wrote:
> We trust the mime type sent by the browser. So at the moment it is
> garbage in, garbage out.
I wonder what's confusing Firefox, then. These files don't look like HTML
to file(1), for example.
Alexander, can you tell us how the detection works?
> If it is only a case of text/plain being sent as text/html, can we
> special case this in the Librarian? I can't think of a use case where we
> *want* to store HTML in the Librarian and have it served up as HTML. So
> we can make the Librarian serve HTML mime types as text/plain or better
> yet store them in the database as text/plain on upload. I think we need
> to do this one day anyway, as if the Librarian starts doing
> authentication it will become a source of attacks.
It seems like it should be possible to store HTML in the librarian and
record it as such, though I agree that it doesn't make sense to serve it
that way.
--
- mdz