38364 – MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html

Bug 38364 - MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html

Summary: MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Tools / Tests (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:	37358
Blocks:
	Show dependency tree / graph

Reported:	2010-04-29 17:57 PDT by David Kilzer (:ddkilzer)
Modified:	2010-05-02 14:40 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Patch v1 (1.59 KB, patch) 2010-04-29 18:01 PDT, David Kilzer (:ddkilzer)	levin: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Kilzer (:ddkilzer) 2010-04-29 17:57:00 PDT

I believe there is a typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html where "application-javascript" is used instead of "application/javascript".

Without a "/" in the MIME type, the content returned can be sniffed per <http://tools.ietf.org/html/draft-abarth-mime-sniff-04>, and because it starts out with a <script> tag, is likely to be sniffed as "text/html".

Was the use of "application-javascript" intentional or just a typo?

See Bug 37358 for the original fix and test case.

Comment 1 David Kilzer (:ddkilzer) 2010-04-29 18:01:00 PDT

Created attachment 54765 [details]
Patch v1

Comment 2 Abhishek Arya 2010-04-29 18:14:48 PDT

Yes, David it is a typo. Sorry about that.

Comment 3 David Kilzer (:ddkilzer) 2010-04-30 14:05:58 PDT

Committed r58604: <http://trac.webkit.org/changeset/58604>