authorestade@chromium.org <estade@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-19 19:47:15 +0000
committerestade@chromium.org <estade@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-19 19:47:15 +0000
commitb3014f4c6c4b9550bcb9ee27367c17beb9e96d99 (patch)
tree5d5bbf475b80b8de71f91f848f9937f13b25296c
parentfae9a7efe97e50b1c0aa12d661d0c1eabea42994 (diff)
Merge: r34237 | abarth@chromium.org | 2009-12-09 23:15:28 -0800 (Wed, 09 Dec 2009) | 12 lines
Adjust our sniffing heuristics to better match Firefox. We used to be willing to sniff "safe" mime types from application/octet-stream, but we ran into compatibility problems with sites that wanted to use application/octet-stream to trigger a download. To have better compatibility with these sites, we've changed our sniffing algorithm to be slightly less aggressive. BUG=29354 Review URL: http://codereview.chromium.org/467035 TBR=abarth Review URL: http://codereview.chromium.org/552047 git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@36535 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/base/mime_sniffer.cc18
-rw-r--r--net/base/mime_sniffer_unittest.cc2
2 files changed, 14 insertions, 6 deletions
diff --git a/net/base/mime_sniffer.cc b/net/base/mime_sniffer.cc
index 07feb33..56b317f 100644
--- a/net/base/mime_sniffer.cc
+++ b/net/base/mime_sniffer.cc
@@ -73,8 +73,12 @@
// URL has an GIF extension)
// * Opera 9: Render as GIF
//
-// Given our previous decisions, this decision is more or less clear.
-// => Chrome: Render as GIF
+// We used to render as GIF here, but the problem is that some sites want to
+// trigger downloads by sending application/octet-stream (even though they
+// should be sending Content-Disposition: attachment). Although it is safe
+// to render as GIF from a security perspective, we actually get better
+// compatibility if we don't sniff from application/octet stream at all.
+// => Chrome: Download as application/octet-stream
//
// XHTML payload, Content-Type: "text/xml":
// * IE 7: Render as XML
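Review bot: The new comment says we don't sniff from "application/octet stream at all", which contradicts the comment added in ShouldSniffMimeType in the second hunk, where octet-stream is still sniffed for application/x-chrome-extension. The type name is also missing its hyphen. Suggested wording: `// compatibility if we don't sniff from application/octet-stream (other than` / `// for application/x-chrome-extension).` The comment block this hunk edits starts and ends outside the hunk.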
@@ -492,9 +496,8 @@ bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
// Many web servers are misconfigured to send text/plain for many
// different types of content.
"text/plain",
- // IIS 4.0 and 5.0 send application/octet-stream when serving .xhtml
- // files. Firefox 2.0 does not sniff xhtml here, but Safari 3,
- // Opera 9, and IE do.
+ // We want to sniff application/octet-stream for
+ // application/x-chrome-extension, but nothing else.
"application/octet-stream",
// XHTML and Atom/RSS feeds are often served as plain xml instead of
// their more specific mime types.
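Review bot: The comment on the `"application/octet-stream"` entry states a restriction ("but nothing else") that this list does not itself enforce, since the entry still makes the type eligible for sniffing. The actual cut-off is the early return added in SniffMimeType in the third hunk. A reader auditing which types can be upgraded by sniffing would be helped by a pointer, e.g. `// The "nothing else" part is enforced in SniffMimeType, which bails out` / `// after SniffCRX for this type.` The list and ShouldSniffMimeType continue outside the hunk.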
@@ -577,6 +580,11 @@ bool SniffMimeType(const char* content, size_t content_size,
if (SniffCRX(content, content_size, url, type_hint, result))
return true;
+ // We're not interested in sniffing for magic numbers when the type_hint
+ // is application/octet-stream. Time to bail out.
+ if (type_hint == "application/octet-stream")
+ return have_enough_content;
+
// Now we look in our large table of magic numbers to see if we can find
// anything that matches the content.
if (SniffForMagicNumbers(content, content_size, result))
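Review bot: The bail-out `if (type_hint == "application/octet-stream")` is an exact, case-sensitive match, so a hint such as `Application/Octet-Stream`, or one that still carries parameters, would fall through to SniffForMagicNumbers and be sniffed as before. Whether callers always pass a lower-cased, parameter-free type is not visible in this hunk, so either state that precondition in the comment (`// type_hint is expected to be lower-cased with parameters stripped.`) or compare case-insensitively. The early return also does not assign `*result` here, so the comment should say which value the caller receives on this path. SniffMimeType's body starts and ends outside the hunk.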
diff --git a/net/base/mime_sniffer_unittest.cc b/net/base/mime_sniffer_unittest.cc
index ed1634c..56dfd51 100644
--- a/net/base/mime_sniffer_unittest.cc
+++ b/net/base/mime_sniffer_unittest.cc
@@ -81,7 +81,7 @@ TEST(MimeSnifferTest, BasicSniffingTest) {
"text/plain", "text/plain" },
{ "\x89" "PNG\x0D\x0A\x1A\x0A", sizeof("\x89" "PNG\x0D\x0A\x1A\x0A")-1,
"http://www.example.com/foo",
- "application/octet-stream", "image/png" },
+ "application/octet-stream", "application/octet-stream" },
{ "\xFF\xD8\xFF\x23\x49\xAF", sizeof("\xFF\xD8\xFF\x23\x49\xAF")-1,
"http://www.example.com/foo",
"", "image/jpeg" },
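Review bot: Only the PNG expectation is flipped, so the new early return in SniffMimeType is exercised for a single magic number. The exception the commit keeps (CRX content served as application/octet-stream still being sniffed) has no case in this hunk. Consider adding one row asserting that CRX content with an octet-stream hint is still detected, and one with a differently-cased hint to pin down how the exact-match comparison behaves. The test table and BasicSniffingTest continue outside the hunk.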