Re: Plain text files in internet explorer
From: Bill Weiss (houdini@nmt.edu)Date: 09/02/02
- Previous message: Dan Kaminsky: "Re: Plain text files in internet explorer"
- In reply to: byron: "Re: Plain text files in internet explorer"
- Next in thread: Benjamin Elijah Griffin: "Re: Plain text files in internet explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Sep 2002 10:47:27 -0600 From: Bill Weiss <houdini@nmt.edu> To: vuln-dev@securityfocus.com
byron(vulndev@glob.com.au)@Mon, Sep 02, 2002 at 09:15:46AM +0800:
> > Is it just me or is impossible to have plain text in internet explorer?
> > http://www.charm.net/~johnh/annoying.txt
>
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q239750&ID=KB;EN-US;Q2
> 39750&FR=1
>
>
> i find it strange that ie has 26 hard coded tests to determine the mime type
> of a document (see
> http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker
> /overview/appendix_a.asp) with no means to disable these tests except for
> text/plain.
Does anyone find some of the examples they use worrying?
(from #5)
"As an example, this is necessary when downloading, among others, .bat and .cmd files, which are plain text files, are frequently identified by the server as 'text/plain', and have no associated MIME type in the registry. Without the final check for an associated application, these would be displayed in-pane, whereas the desired behavior is to launch the command interpreter. "
Of course, any time we look at any potentially executable content, IE
should short-circuit the server's preference of whether it is executed...
-- Bill Weiss
- Previous message: Dan Kaminsky: "Re: Plain text files in internet explorer"
- In reply to: byron: "Re: Plain text files in internet explorer"
- Next in thread: Benjamin Elijah Griffin: "Re: Plain text files in internet explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
