Description
What version of Go are you using (go version)?
$ go version go version devel +d71d81c5a2 Mon Mar 4 16:29:25 2019 +0530 darwin/amd64
While reading the MIME Sniffing Spec and the corresponding implementation in the net/http package in sniff.go, I found few discrepancies between the two. As, I do not know whether these diffs are intentional or not (though I am curious to know), I thought it best to share my findings so that a conscious decision can be taken.
Here are few suggestions for updating the current implementation in accordance with the spec:
-
Using pattern rather than mask for assertion and iteration in the Pattern Matching Algorithm.
Currently, we are usingm.maskinstead ofm.patat both the places.
The reason this substitution works is because their lengths are the equal (implicit) in all the currently support MIME signatures, and the logical AND operation:a & b = c=>a & c = b.
Refer:Lines 185 to 194 in d188767
-
Rename
image/vnd.microsoft.icontoimage/x-iconand add another signature for the same.
We are using the same signature forimage/vnd.microsoft.iconinstead ofimage/x-icon. This could be a possible bug or a decision that should be documented as a divergence from the spec.
Refer:Line 93 in d188767
-
Using named strings instead of hexadecimal representation in
application/zipandapplication/x-rar-compressed.
Reading the source code, I experienced that using human-readable string definition of the signatures is an implicit convention over the mechanistic byte pattern sequences (as it should be!). These are a couple of places which can be changed with the sole purpose of maintaining consistency and improving visual aesthetics.
Refer:Lines 146 to 147 in d188767
-
Reordering the
sniffSignaturesaccording to the section Identifying a resource with an unknown MIME type.
In the current implementation, the signatures are almost sorted according to the spec, with a few exceptions. For example, matchingvideo/webmbeforevideo/mp4.