> Can we not use the request nsIContentPolicy to determine if we're looking for script? I don't really understand the question. We already use the `nsIContentPolicyType` to to determine if something is a document/sub-document: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/HttpBaseChannel.cpp#2752-2753. We then set the SkipContentSniffing flag. I think what we have to do is at least change nsUnknownDecoder to allow the sniffing of all non-scriptable types (so everything that isn't html, xml, pdf) even with the flag set. I will investigate this further, but I want to be really careful to not allow more sniffing the necessary.
Bug 1768069 Comment 17 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
> Can we not use the request nsIContentPolicy to determine if we're looking for script? I don't really understand the question. We already use the `nsIContentPolicyType` to to determine if something is a document/sub-document: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/HttpBaseChannel.cpp#2752-2753. We then set the SkipContentSniffing flag. I think what we have to do is at least change nsUnknownDecoder to allow the sniffing of all non-scriptable types (so everything that isn't html, xml, pdf) even with the flag set. I will investigate this further, but I want to be really careful to not allow more sniffing than necessary.