Re: TXT or HTML? -- IE NEW BUG

From: Aaron Bentley (abentley@panoramicfeedback.com)
Date: 07/30/01

Previous message: Juanjo Ciarlante: "Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)"
Maybe in reply to: cr4zybird: "TXT or HTML? -- IE NEW BUG"
Next in thread: Peter W: "Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG)"
Next in thread: Deirdre Warshall: "RE: TXT or HTML? -- IE NEW BUG"
Reply: Peter W: "Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <3B65B995.4C678238@panoramicfeedback.com>
Date: Mon, 30 Jul 2001 15:46:29 -0400
From: Aaron Bentley <abentley@panoramicfeedback.com>
To: bugtraq@securityfocus.com
Subject: Re: TXT or HTML? -- IE NEW BUG

In my experience, file extension supercedes MIME type in IE.

I have noted several cases where servers were misconfigured, and yet IE
rendered external files correctly. In one case, it was an ASX file (the

ActiveStreaming equivalent of a RAM file). Netscape paid attention to
the MIME
type, and displayed the text in a browser window. IE launched Windows
Media
Player.

This problem was later solved when the server was correctly configured.
It's possible this behavior was based on magic cookies, I suppose. But
can they have cookies for every 1

I have also noted that cgi-generated PDF files are not handled correctly
in
some IE/Acrobat combinations, yet normal PDF files are handled
properly. By
configuring an alias for the cgi program with a PDF extension, I was
able to
get IE to launch Acrobat properly.

Aaron

Justin Nelson wrote:
<snip>
> **I don't think the actual file extension makes any difference on
remote
> files**
>
> Once IE determines that it is responsible for rendering the file
directly,
> it will show it however it feels appropriate. It will do this by
completely
> ignoring the MIME type and extension, rendering based on content
(exception:
> text/html is *always* rendered as HTML, whether or not there are HTML
tags).

Previous message: Juanjo Ciarlante: "Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)"
Maybe in reply to: cr4zybird: "TXT or HTML? -- IE NEW BUG"
Next in thread: Peter W: "Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG)"
Next in thread: Deirdre Warshall: "RE: TXT or HTML? -- IE NEW BUG"
Reply: Peter W: "Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: File associations
... a File Extension - If there isn't actually a File Extension on the ... If you do want to Create any particular File Association, ... & Internet Explorer actually just *ignores* the MIME Type ...
(uk.people.silversurfers)
Re: Website for info on improving digital signal?
... > Using the Opera browser it downloads on my machine as 'txpath.ps'. ... > Most users of Windoze will have hidden the file extension* and will ... I just tried it and firefox saw it as txpath.exe, with a mime type ... So it saved it as txpath.exe (with no hidden extension). ...
(uk.tech.digital-tv)
Re: outlook express attachments
... that sends me the stuff to switch to a different email program, ... In OE this would be an EML file. ... OE uses the MIME type to determine the file extension. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: Auto detect content-type
... MIME types are usually recognized by the file extension. ... Then you have to set the Response.ContentType to that MIME type in the ... > IIS mechanisms of content-type detection were used? ...
(microsoft.public.dotnet.framework.aspnet)
Re: finding files
... We have about 100 servers and on each servers we have the g drive ... list of servers and the file extension to search and then script would ... To make it go through all existing drives you could use ...
(microsoft.public.scripting.vbscript)