Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't interpret binary files as HTML #7706

Closed
jdm opened this issue Sep 22, 2015 · 6 comments
Closed

Don't interpret binary files as HTML #7706

jdm opened this issue Sep 22, 2015 · 6 comments

Comments

@jdm
Copy link
Member

@jdm jdm commented Sep 22, 2015

We want to avoid interpreting streams of binary bytes as HTML, since that's silly and easily breaks our layout code that is unprepared for such things. In the code that receives the HTTP headers for a page (ParserContext::headers_available) we should check for the Content-Type header application/octet-stream and ignore the forthcoming response body if the header matches. We can replace it with an informative message in the same way that we create a special document for images in that method.

Testcase: firefox.com and press the download button
Code: components/script/dom/servohtmlparser.rs

@SimonSapin
Copy link
Member

@SimonSapin SimonSapin commented Sep 22, 2015

Rather than a black list with application/octet-stream, we might want a white list of supported MIME type (and possibly some sniffing. We know how to deal with text/html, text/plain, some image MIME type, etc, and everything unknown should be treated like application/octet-stream.

@sgmenda
Copy link
Contributor

@sgmenda sgmenda commented Sep 25, 2015

is it possible a n00b like me can fix it

@jdm
Copy link
Member Author

@jdm jdm commented Sep 25, 2015

@s142857 I think you should give it a shot :)

@sgmenda
Copy link
Contributor

@sgmenda sgmenda commented Sep 25, 2015

could you guide me @jdm

@jdm
Copy link
Member Author

@jdm jdm commented Sep 25, 2015

First step is to find the headers_available method of ParserContext. Next step is to get the Content-Type header from the headers in the metadata value. Final step is to check its value and return a fake document if the content-type is not supported.

@jdm
Copy link
Member Author

@jdm jdm commented Nov 17, 2015

Fixed by #7956.

@jdm jdm closed this Nov 17, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.