cr4zybird wrote: > description: > IE doesn't recognize the extensions of files, which > may contain some html > code. IE's behaviour of ignoring a server's MIME type and doing its own magic(5) on the file before handling is a "feature" that has existed in it since some MS programmer decided it was a low risk, high reward feature (which it's not, he should've read "Writing Solid Code" 1993 MS Press). I think only a few ancient web servers today still give the incorrect type for files such as PNG. I think this behaviour is also tickled by the various Outlook viruses (they hide their "real" type by using a no-show extension). Javascript itself in a browser like x86 IE (where Microsoft has put much code to leverage ActiveX, etc) is dangerous anyways, because of the core OS control being in bed with something which parses remotely originated, untrusted data. Not to mention the more general Javascript problem that clients are trusting remote server code, and servers trusting remote client code results. But everyone says I'm too paranoid :) -- www.kuro5hin.org -- technology and culture, from the trenches.
This archive was generated by hypermail 2b30 : Sat Jul 28 2001 - 19:33:32 PDT