Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't interpret binary files as HTML #7706

Closed
jdm opened this issue Sep 22, 2015 · 6 comments
Closed

Don't interpret binary files as HTML #7706

jdm opened this issue Sep 22, 2015 · 6 comments
Labels
A-content/script Related to the script thread C-assigned There is someone working on resolving the issue E-less-complex Straightforward. Recommended for a new contributor.

Comments

@jdm
Copy link
Member

jdm commented Sep 22, 2015

We want to avoid interpreting streams of binary bytes as HTML, since that's silly and easily breaks our layout code that is unprepared for such things. In the code that receives the HTTP headers for a page (ParserContext::headers_available) we should check for the Content-Type header application/octet-stream and ignore the forthcoming response body if the header matches. We can replace it with an informative message in the same way that we create a special document for images in that method.

Testcase: firefox.com and press the download button
Code: components/script/dom/servohtmlparser.rs
@jdm jdm added E-less-complex Straightforward. Recommended for a new contributor. A-content/script Related to the script thread labels Sep 22, 2015
@jdm jdm mentioned this issue Sep 22, 2015
Closed
@SimonSapin
Copy link
Member

Rather than a black list with application/octet-stream, we might want a white list of supported MIME type (and possibly some sniffing. We know how to deal with text/html, text/plain, some image MIME type, etc, and everything unknown should be treated like application/octet-stream.

@sgmenda
Copy link

sgmenda commented Sep 25, 2015

is it possible a n00b like me can fix it

@jdm
Copy link
Member Author

jdm commented Sep 25, 2015

@s142857 I think you should give it a shot :)

@sgmenda
Copy link

sgmenda commented Sep 25, 2015

could you guide me @jdm

@jdm
Copy link
Member Author

jdm commented Sep 25, 2015

First step is to find the headers_available method of ParserContext. Next step is to get the Content-Type header from the headers in the metadata value. Final step is to check its value and return a fake document if the content-type is not supported.

@jdm jdm mentioned this issue Sep 30, 2015
Closed
@gkbrk gkbrk mentioned this issue Oct 10, 2015
Merged
@jdm jdm added the C-assigned There is someone working on resolving the issue label Oct 10, 2015
@jdm
Copy link
Member Author

jdm commented Nov 17, 2015

Fixed by #7956.

@jdm jdm closed this as completed Nov 17, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-content/script Related to the script thread C-assigned There is someone working on resolving the issue E-less-complex Straightforward. Recommended for a new contributor.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jdm @SimonSapin @sgmenda