From b3014f4c6c4b9550bcb9ee27367c17beb9e96d99 Mon Sep 17 00:00:00 2001
From: "estade@chromium.org"
Date: Tue, 19 Jan 2010 19:47:15 +0000
Subject: Merge: r34237 | abarth@chromium.org | 2009-12-09 23:15:28 -0800 (Wed, 09 Dec 2009) | 12 lines Adjust our sniffing hueristics to better match Firefox. We used to be willing to sniff "safe" mime types from application/octet-stream, but we ran into compatibility problems with sites that wanted to use application/octet-stream to trigger a download. To have better compatibility with these sites, we've changed our sniffing algorith to be slightly less agressive.
BUG=29354
Review URL: http://codereview.chromium.org/467035
TBR=abarth
Review URL: http://codereview.chromium.org/552047
git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@36535 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/mime_sniffer.cc | 18 +++++++++++++-----
 net/base/mime_sniffer_unittest.cc | 2 +-
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/net/base/mime_sniffer.cc b/net/base/mime_sniffer.cc
index 07feb33..56b317f 100644
--- a/net/base/mime_sniffer.cc
+++ b/net/base/mime_sniffer.cc
@@ -73,8 +73,12 @@
 // URL has an GIF extension)
 // * Opera 9: Render as GIF
 //
-// Given our previous decisions, this decision is more or less clear.
-// => Chrome: Render as GIF
+// We used to render as GIF here, but the problem is that some sites want to
+// trigger downloads by sending application/octet-stream (even though they
+// should be sending Content-Disposition: attachment). Although it is safe
+// to render as GIF from a security perspective, we actually get better
+// compatibility if we don't sniff from application/octet stream at all.
+// => Chrome: Download as application/octet-stream
 //
 // XHTML payload, Content-Type: "text/xml":
 // * IE 7: Render as XML
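Review bot: The new header comment's claim that Chrome does not sniff application/octet-stream "at all" overstates what this commit does: the later hunks keep the type in ShouldSniffMimeType's list and still run SniffCRX on it before bailing out. Someone auditing which declared types can be upgraded by content would be misled, so the sentence should name the exception, for example `// compatibility if we only sniff application/octet-stream for Chrome extensions (CRX).` The same added line also writes `application/octet stream` without the hyphen.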
@@ -492,9 +496,8 @@ bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
 // Many web servers are misconfigured to send text/plain for many
 // different types of content.
 "text/plain",
- // IIS 4.0 and 5.0 send application/octet-stream when serving .xhtml
- // files. Firefox 2.0 does not sniff xhtml here, but Safari 3,
- // Opera 9, and IE do.
+ // We want to sniff application/octet-stream for
+ // application/x-chrome-extension, but nothing else.
 "application/octet-stream",
 // XHTML and Atom/RSS feeds are often served as plain xml instead of
 // their more specific mime types.
@@ -577,6 +580,11 @@ bool SniffMimeType(const char* content, size_t content_size,
 if (SniffCRX(content, content_size, url, type_hint, result))
 return true;
 
+ // We're not interested in sniffing for magic numbers when the type_hint
+ // is application/octet-stream. Time to bail out.
+ if (type_hint == "application/octet-stream")
+ return have_enough_content;
+
 // Now we look in our large table of magic numbers to see if we can find
 // anything that matches the content.
 if (SniffForMagicNumbers(content, content_size, result))
diff --git a/net/base/mime_sniffer_unittest.cc b/net/base/mime_sniffer_unittest.cc
index ed1634c..56dfd51 100644
--- a/net/base/mime_sniffer_unittest.cc
+++ b/net/base/mime_sniffer_unittest.cc
@@ -81,7 +81,7 @@ TEST(MimeSnifferTest, BasicSniffingTest) {
 "text/plain", "text/plain" },
 { "\x89" "PNG\x0D\x0A\x1A\x0A", sizeof("\x89" "PNG\x0D\x0A\x1A\x0A")-1,
 "http://www.example.com/foo",
- "application/octet-stream", "image/png" },
+ "application/octet-stream", "application/octet-stream" },
 { "\xFF\xD8\xFF\x23\x49\xAF", sizeof("\xFF\xD8\xFF\x23\x49\xAF")-1,
 "http://www.example.com/foo",
 "", "image/jpeg" },
-- 
cgit v1.1
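Review bot: The bail-out at `if (type_hint == "application/octet-stream")` is an exact, case-sensitive match, so it holds only if every caller passes a lower-cased hint with any parameters already stripped, and nothing in this hunk shows that. If a hint such as `Application/Octet-Stream` could reach this point, the check would be skipped and SniffForMagicNumbers would still upgrade the response to an image type, which is the outcome this commit sets out to prevent. I would either compare case-insensitively or record the precondition next to the check, e.g. `// type_hint must already be lower-cased and parameter-free (TODO confirm at call sites).` The early return also relies on `*result` having been set to the hint earlier in SniffMimeType, whose body starts and ends outside this hunk; the updated unit test suggests it is, but a one-line comment saying so would help.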
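Review bot: The only expectation changed in BasicSniffingTest is the negative case (PNG bytes under application/octet-stream now stay application/octet-stream); the exception the commit keeps, CRX content under the same hint still resolving to application/x-chrome-extension, is not pinned by anything visible here. The table continues outside this hunk, so such a row may already exist; if it does not, adding one next to this entry would stop a later refactor from moving the bail-out above SniffCRX unnoticed. A second row with GIF or JPEG magic bytes under application/octet-stream would also show that the bail-out is not specific to PNG.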