
Re: well-formedness error



On Thu, 17 Jun 2004 00:06:28 -0700, Tim Bray <tim.bray@xxxxxxx> wrote:
> 
> However, smarter people than I have said that ignoring the
> Content-type is a potentially rich source of security holes.  Hmm, I
> wonder if one could adopt a Best Practice along the lines of "respect
> the Content-type header unless it's text/xml which is obviously a sign
> of someone who was completely clueless about setting their Content-type
> header."

I wish that didn't sound so much like Internet Explorer's "respect the
Content-type header unless it's text/plain and there's an angle
bracket in the first 1024 bytes, which is obviously a sign of someone
who was completely clueless about setting their Content-type header to
text/html."

Wups, that would be the security hole in question.

If I wanted to show people a feed so vile and full of exploits it
would cause any aggregator around to explode, my first thought would
be to link to a text/plain version of it. Hands up, developers whose
reader would happily subscribe anyway.

Phil Ringnalda
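
Added example, not part of the original message: a sketch of an aggregator-side check that takes the declared Content-Type as authoritative and refuses to subscribe when a non-feed label such as text/plain sits in front of markup. The allowlist, the function names and the sample responses are assumptions made for illustration.

```python
# Assumption: media types this hypothetical aggregator accepts as feeds.
FEED_TYPES = {"application/atom+xml", "application/rss+xml",
              "application/xml", "text/xml"}
SNIFF_WINDOW = 1024  # bytes examined by the sniffing heuristic quoted above


def declared_type(header):
    """Lowercased media type with parameters stripped, or None if missing."""
    if not header or not header.strip():
        return None
    return header.split(";", 1)[0].strip().lower() or None


def sniffer_would_fire(body):
    """True when an angle bracket appears in the first 1024 bytes."""
    return b"<" in body[:SNIFF_WINDOW]


def decide(header, body):
    """Return (action, reason); action is 'parse' or 'reject'."""
    media = declared_type(header)
    if media is None:
        return ("reject", "no Content-Type header")
    if media in FEED_TYPES:
        return ("parse", "declared " + media)
    if sniffer_would_fire(body):
        # The case from the message: markup behind a non-feed label.
        # Record it, but do not let the body override the header.
        return ("reject", "declared " + media + ", body looks like markup")
    return ("reject", "declared " + media + " is not a feed type")


# Constructed sample responses (header, body); not taken from any real feed.
SAMPLES = [
    ("application/atom+xml; charset=utf-8", b"<?xml version='1.0'?><feed/>"),
    ("text/plain", b"<?xml version='1.0'?><rss version='2.0'/>"),
    ("text/plain", b"just some notes, no markup"),
    (None, b"<feed/>"),
]

if __name__ == "__main__":
    for header, body in SAMPLES:
        print(header, "->", decide(header, body))
```

The "body looks like markup" reason is worth logging separately, since it marks exactly the responses a sniffing client would have reinterpreted.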