Closed Bug 155529 Opened 23 years ago Closed 23 years ago

Content-type specified by META HTTP-EQUIV ignored when server reports text/plain

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 155530

People

(Reporter: aleksander.adamowski, Assigned: darin.moz)

References

(
URL
)

Details

The URL shown here gives a page where a misconfigured server specifies text/plain content type. However, it returns HTML code, and there's a META tag that speicifes text/html: <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> Internet Explorer 6 honors that META tag and displays the page as HTML. It apparently tries to find a META HTTP-EQUIV tag in all files that have their top-level media type declared as text (I'd guess it only scans their initial ~100 bytes to reduce overhead processing), and if it's html, treat it as text/html. I propose that similar media type checking be implemented in Mozilla. The implementation has to be carefully thought out to avoid security problems - for example, the explosion of Nimda worm was possible because Internet Explorer/Outlook Express has a flawed model of content-type determination. The mail message declared audio/x-wav content type for the file, but its extension was .exe. When the file was passed to media player from Outlook Express (according to declared content type), media player run it as an executable (according to its extension). Similar dangers may be present when this feature is implemented.
Sorry, the bug was submitted twice by Moz. Closing. *** This bug has been marked as a duplicate of 155530 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.