[webkit-reviews] review denied: [Bug 71851] Implement script MIME restrictions for X-Content-Type-Options: nosniff : [Attachment 186822] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 6 10:27:32 PST 2013
Adam Barth <abarth at webkit.org> has denied Mike West <mkwst at chromium.org>'s
request for review:
Bug 71851: Implement script MIME restrictions for X-Content-Type-Options:
nosniff
https://bugs.webkit.org/show_bug.cgi?id=71851
Attachment 186822: Patch
https://bugs.webkit.org/attachment.cgi?id=186822&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=186822&action=review
As I mentioned on webkit-dev, we should check that the latest version of IE
still has this behavior.
> Source/WebCore/loader/cache/CachedScript.cpp:134
> + // List of types from
http://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx
We already have a list of MIME types that we accept in the "type" attribute of
the script tag. Should we use that list instead?
> Source/WebCore/loader/cache/CachedScript.cpp:143
> + permittedMimeTypes.add("text/vbs");
> + permittedMimeTypes.add("text/vbscript");
We don't support vbscript, so presumably we wouldn't want have these on the
list....
More information about the webkit-reviews
mailing list