Bug 1582671 Comment 18 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Christoph, that still won't be compatible with Chrome though, right?

Also, I get unexpected results for
```
HTTP/1.1 200 OK
Content-Length: 25
Content-Type: xx
X-Content-Type-Options: nosniff

<script>alert(1)</script>
```
as this executes in Firefox. Same when I remove `Content-Type`. Only when I replace `Content-Type`'s value with `x/x` does it download. Chrome always renders as text. Safari consistently downloads all variants (and presumably has a similar compatibility issue).

I can kinda see why we might want to implement a short term workaround (though given the above case it's unclear how that's different from what we already do), but long term being different from both Chrome and Safari doesn't seem like a good outcome.
Christoph, that still won't be compatible with Chrome though, right? I can kinda see why we might want to implement a short term workaround, but long term being different from both Chrome and Safari doesn't seem like a good outcome.

Back to Bug 1582671 Comment 18