Content sniffing
Content sniffing, also known as media type sniffing or MIME sniffing, is the practice of inspecting the content of a
A specification exists for media type sniffing in HTML5, which attempts to balance the requirements of security with the need for backward compatibility with web content that has missing or incorrect MIME-type data. It attempts to provide a precise specification that implementations can share, so that they all exhibit a single well-defined and deterministic set of behaviors.[4]
The UNIX file command can be viewed as a content sniffing application.
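The deterministic, signature-based matching that such a specification aims for can be turned into a server-side check. The following Python is an added example, not part of the original article and not the standard's algorithm: it flags uploads whose leading bytes resemble a different type than the one declared, and attaches the X-Content-Type-Options: nosniff header listed under External links. The function names, the 512-byte window and the reduced signature list are assumptions of this example.

```python
from typing import Optional

# Added example: reduced signature list modeled on deterministic sniffing rules.
WHITESPACE = b"\t\n\x0c\r "
HTML_TAGS = (b"<!doctype html", b"<html", b"<head", b"<script", b"<iframe",
             b"<body", b"<div", b"<a", b"<p", b"<b")
BINARY_SIGNATURES = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
)
SNIFF_WINDOW = 512  # assumption: number of leading bytes inspected


def sniff(body: bytes) -> Optional[str]:
    """Return the media type the leading bytes resemble, or None."""
    head = body[:SNIFF_WINDOW]
    for magic, mime in BINARY_SIGNATURES:
        if head.startswith(magic):
            return mime
    text = head.lstrip(WHITESPACE).lower()  # tags match case-insensitively
    if text.startswith(b"<!--"):
        return "text/html"
    for tag in HTML_TAGS:
        # A tag name counts only when followed by a space or '>',
        # so "<abbr>" is not mistaken for "<a>".
        if text.startswith(tag) and text[len(tag):len(tag) + 1] in (b" ", b">"):
            return "text/html"
    return None


def serve_decision(declared: str, body: bytes) -> dict:
    """Reject uploads whose bytes contradict the declared type; always send nosniff."""
    base_type = declared.split(";")[0].strip().lower()
    looks_like = sniff(body)
    mismatch = looks_like is not None and looks_like != base_type
    headers = {"Content-Type": declared, "X-Content-Type-Options": "nosniff"}
    return {"accept": not mismatch, "looks_like": looks_like, "headers": headers}


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the article.
    samples = [("image/png", b"\x89PNG\r\n\x1a\n\x00\x00"),
               ("text/plain", b"\n <HTML><body>hi</body></HTML>"),
               ("text/plain; charset=utf-8", b"hello <b> world")]
    for declared, body in samples:
        print(declared, "->", serve_decision(declared, body))
```
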
Charset sniffing
Numerous web browsers use a more limited form of content sniffing to attempt to determine the
Most encodings do not allow evasive presentations of ASCII characters, so charset sniffing is less dangerous in general. Because scripting and markup languages are, by historical accident, ASCII-centric, characters outside the ASCII repertoire are more difficult to use to circumvent security boundaries, and misinterpretations of character sets tend to produce results no worse than the display of mojibake.
References
- "MIME Type Detection in Windows Internet Explorer". Microsoft. Retrieved 2012-07-14.
- Barth, Adam. "Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves" (PDF).
- Henry Sudhof (11 February 2009). "Risky sniffing: MIME sniffing in Internet Explorer enables cross-site scripting attacks". The H. Retrieved 2012-07-14.
- Adam Barth, Ian Hickson. "Mime Sniffing". WHATWG. Retrieved 2012-07-14.
- MSDN. Retrieved 2012-07-14.
External links
- X-Content-Type-Options header
- MIME Sniffing Standard
- L. Masinter (March 27, 2011). "Internet Media Types and the Web". IETF. Retrieved 2012-07-14.
- A. Barth, I. Hickson (January 24, 2011). "Media Type Sniffing". IETF. Retrieved 2012-07-14.
- David Risney. "Mime-sniffing". Retrieved 2012-07-14.