38364 – MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html

RESOLVED FIXED 38364

MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html

https://bugs.webkit.org/show_bug.cgi?id=38364

Summary MIME typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-...

David Kilzer (:ddkilzer)

Reported 2010-04-29 17:57:00 PDT

I believe there is a typo in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html where "application-javascript" is used instead of "application/javascript". Without a "/" in the MIME type, the content returned can be sniffed per <http://tools.ietf.org/html/draft-abarth-mime-sniff-04>, and because it starts out with a <script> tag, is likely to be sniffed as "text/html". Was the use of "application-javascript" intentional or just a typo? See Bug 37358 for the original fix and test case.

Attachments
Patch v1 (1.59 KB, patch) 2010-04-29 18:01 PDT, David Kilzer (:ddkilzer)	levin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2010-04-29 18:01:00 PDT

Created attachment 54765 [details] Patch v1

Abhishek Arya

Comment 2 2010-04-29 18:14:48 PDT

Yes, David it is a typo. Sorry about that.

David Kilzer (:ddkilzer)

Comment 3 2010-04-30 14:05:58 PDT

Committed r58604: <http://trac.webkit.org/changeset/58604>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component Tools / Tests

Assignee

Nobody

Reported

2010-04-29 17:57 PDT

Modified

2010-05-02 14:40 PDT History

CC List

2 users Show

URL

Keywords

Depends on

37358

Blocks

Dependencies

tree graph