/
856.txt
420 lines (306 loc) · 20.8 KB
/
856.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
[53] データの[[バイト列]]を検査してその[[MIME型]]などを決定することを、[DFN[[[sniffing]]]] といいます。
[54] [DFN[[[MIME Sniffing]]]] 仕様書が [[Web]] における [[sniffing]] について規定しています。
* 仕様書
[REFS[
- [32] [CITE[MIME Sniffing]] ([TIME[2011-11-27 08:05:14 +09:00]] 版) <http://mimesniff.spec.whatwg.org/>
]REFS]
* Sniffing が行われる場面
[61] [[sniffing]] は次の場面で行われます。
[FIG(list)[
- [[MIME type sniffing algorithm]]
-- [[navigate]]
-- [CODE(HTMLe)@en[[[object]]]]
- [[rules for distinguishing if a resource is text or binary]]
-- [CODE(HTMLe)@en[[[object]]]]
- [[rules for sniffing images specifically]]
-- [CODE(HTMLe)@en[[[link]]]] が[[画像]]を指す場合
-- [CODE(HTMLe)@en[[[img]]]]
-- [CODE(HTMLe)@en[[[object]]]]
-- [CODE(HTML)@en[[[<input type=image>]]]]
-- [CODE(DOMm)@en[[[createImageBitmap]]]] で [CODE(DOMi)@en[[[Blob]]]] の場合
- [[rules for sniffing audio and video specifically]]
-- [CODE(HTMLe)@en[[[video]]]]
-- [CODE(HTMLe)@en[[[audio]]]]
]FIG]
[62] [[テキストトラック]]についても [[sniffing]] を行うかどうかは未決となっています。
;; <http://www.whatwg.org/specs/web-apps/current-work/#start-the-track-processing-model>
[63] [[CSS]] の[[画像]]も [[sniffing]] を行っているはずですが現在それはどこにも規定されていません。
* プロトコル
[FIG(short list)[
- [CODE(HTTP)@en[[[Content-Type:]]]]
- [CODE(HTTP)@en[[[X-Content-Type-Options:]]]]
]FIG]
* その他の sniffing
[69] 文字コードの判定については、 [[charset sniffing]] を参照。
** JSON Sniffing
[25] [[RFC 4627]] が [[JSON]] の [[charset]] [[sniffing]] について言及しています。
** RDFa 処理器の Sniffing
[50] [[RDFa 1.1]] に基づく [[RDFa処理器]]は、 [[MIME型]]によって[[ホスト言語]]を決定しなければ[['''なりません''']]。
[[MIME型]]を決定できないか未対応の時は、 [CODE(MIME)@en[[[application/xml]]]] としなければ[['''なりません''']]。
[SRC[>>49]]
[51] >>50 の直後にこれと矛盾する次のような「NOTE」があります。 [[MIME型]]が無い時、
[[DOCTYPE]]、[[根要素]]、[[拡張子]]、[[利用者]]定義の引数など追加の仕組みを用いても[['''構いません''']] [SRC[>>49]]。
[REFS[
- [49] [CITE@en[RDFa Core 1.1 - Second Edition]] ([TIME[2013-08-15 17:12:47 +09:00]] 版) <http://www.w3.org/TR/rdfa-core/#h3_processorconf>
]REFS]
* 歴史
[55] [[IE]] は古くから [CODE(HTTP)@en[[[Content-Type:]]]] ヘッダーを一部無視して[[拡張子]]を使ったり
[[sniffing]] したりしており、それによって他の [[Webブラウザー]]と異なる解釈をしたり、
それによって (本来の仕様上は問題ないはずのもので) [[セキュリティー]]上の問題を引き起こしたりして非難されていました。
しかし間違った [CODE(HTTP)@en[[[Content-Type:]]]] を送出する[[起源鯖]]も広く存在しており、
また他のブラウザーも [CODE(HTMLe)@en[[[script]]]] の [CODE(HTTP)@en[[[Content-Type:]]]]
を無視したり、 [CODE(HTMLe)@en[[[img]]]] では [[sniffing]] を行ったりしていて、
[[sniffing]] を排除することは最早できない状況でした。
[56] そうはいっても各 [[Webブラウザー]]が独自に異なる [[sniffing]] を行って標準仕様が存在しない状況では、
サーバー側で[[セキュリティー]]上の問題を回避するための十分な対策を施すのも困難 (何をもって十分としてよいかすらわからない状態)
でありました。
[57] 2007年頃になってようやく [[Ian Hickson]] によって [[WHATWG]] [[Web Applications 1.0]] (後の [[HTML5]]、
現在の [[HTML Standard]]) で [[Webブラウザー]]が実装するべき [[sniffing]] の規則が正確かつ詳細に規定されるようになりました。
[58] その後 [[IETF]] と [[W3C]] の圧力によって [[sniffing]] は [[HTML5]] 仕様書から切り離され、
この分野の専門家である [[Adam Barth]] による [[Internet Draft]] として [[IETF]] で出版されるようになりました。
[59] しかしその作業も停滞していたことから 2012年、 [[Gordon P. Hemsley]] が引き取って再び [[WHATWG]]
で [[Living Standard]] として出版されるようになりました。
;; [60] 同じような経緯で [[W3C]] に行った仕様書はその後 [[WHATWG]] で作業が再開された後 [[W3C]]
が劣化コピーを発行し続ける例が多いですが、 [[IETF]] はそういうことはしていません。
[71] [[RFC 7231]] は、 [CODE(HTTP)@en[[[Content-Type:]]]] [[ヘッダー]]が無い場合に
[[sniffing]] を認めています [SRC[>>72]]。それ以外でも [[sniffing]]
が行われる現実も認めた上で、実装によって解釈が異なることはセキュリティー上のリスクであるとし、
[[sniffing]] を無効にするオプションの提供を[RUBYB[推奨]@en[encourage]]しています [SRC[>>72]]。
[REFS[
- [72] [CITE@en[RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content]] ([TIME[2014-06-07 01:55:45 +09:00]] 版) <https://tools.ietf.org/html/rfc7231#section-3.1.1.5>
]REFS]
;; [73] 任意に[[利用者]]が有効にしたり無効にしたりできるのも、危険だと思うのですが・・・。
[81] [[HTTP/0.9]] でも、[[sniffing]] や[[拡張子]]による推測が認められています [SRC[>>80]]。
[REFS[
- [80] [CITE@en[RFC 1945 - Hypertext Transfer Protocol -- HTTP/1.0]] ([TIME[2014-09-07 13:12:32 +09:00]] 版) <http://tools.ietf.org/html/rfc1945#section-7.2.1>
]REFS]
** 媒体要素
[77] [[媒体要素]]にも [[sniffing]] を適用するべきか否かは意見の対立
[SRC[>>76]] から長らく未決とされてきましたが、
大勢が決した2014年8月には [[sniffing]] を行うよう [[HTML Standard]]
が変更されました [SRC[>>75]]。
[REFS[
- [76] [CITE@en[Bug 11984 – <video>: Figure out the story with respect to honouring Content-Type headers vs sniffing content]] ([TIME[2014-08-03 10:58:29 +09:00]] 版) <https://www.w3.org/Bugs/Public/show_bug.cgi?id=11984>
- [75] [CITE@en[Web Applications 1.0 r8696 Make <video> and <audio> sniff for their media data's MIME type, since most browsers seem to be going that way, and we need to pick a direction.]] ([TIME[2014-08-02 05:56:00 +09:00]] 版) <http://html5.org/r/8696>
]REFS]
* メモ
[1]
[CITE[葉っぱ日記 - 「拡張子ではなく、内容によってファイルを開くこと」の拡張子は Content-Type ではないことに注意]] ([CODE[2007-04-04 15:46:35 +09:00]] 版) <http://d.hatena.ne.jp/hasegawayosuke/20070404/p1>
([[名無しさん]] [WEAK[2007-04-04 23:46:23 +00:00]])
[2]
[CITE@en[Re: Proposed Design Principles updated]] ([[Ian Hickson]] 著, [CODE[2007-04-05 14:51:37 +09:00]] 版) <http://lists.w3.org/Archives/Public/public-html/2007Apr/0232.html>
> One browser started ignoring CSS files in one very specific
case, namely only if the document had a DOCTYPE that, at the time, was
basically unused. (I was one of the two people pushing for this.) It broke
some sites, but comparatively few in the grand scheme of things. (Though
we still get bug reports about this today, so maybe it wasn't that good an
idea after all.)
([[名無しさん]])
[3]
[CITE[Mime sniffing data]] ([[Adam Barth <whatwg@...>]] 著, [TIME[2008-10-09 01:34:49 +09:00]] 版) <http://permalink.gmane.org/gmane.org.w3c.whatwg.discuss/15882>
[4] [CITE[Content-Type Processing Model ]] ([TIME[2009-01-10 07:14:52 +09:00]] 版) <http://webblaze.cs.berkeley.edu/2009/mime-sniff/mime-sniff.txt>
[5] [CITE@en[Sam Ruby: Mime Sniff]] ([TIME[2009-01-12 10:24:59 +09:00]] 版) <http://intertwingly.net/blog/2009/01/09/Mime-Sniff>
[6] [CITE[IRC logs: freenode / #whatwg / 20090927]]
([TIME[2009-11-30 23:26:32 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20090927#l-135>
[7] [CITE[IRC logs: freenode / #whatwg / 20090927]]
([TIME[2009-11-30 23:26:32 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20090927#l-320>
[8] [CITE[IRC logs: freenode / #whatwg / 20090929]]
([TIME[2009-12-02 08:29:55 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20090929#l-357>
[9] [CITE[Bug 8479 – http content-type override mandatory for <object>]]
([TIME[2010-01-10 22:59:48 +09:00]] 版)
<http://www.w3.org/Bugs/Public/show_bug.cgi?id=8479>
[10] [CITE@en[HTML5 Revision Tracker]]
([TIME[2010-04-14 21:50:48 +09:00]] 版)
<http://html5.org/tools/web-apps-tracker?from=5041&to=5042>
[11] [CITE[''''''[''''''whatwg'''''']'''''' Video with MIME type application/octet-stream]]
( ([TIME[2010-09-02 00:45:32 +09:00]] 版))
<http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-August/028291.html>
[12] [CITE[IRC logs: freenode / #whatwg / 20100825]]
( ([TIME[2010-09-04 09:44:11 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20100825#l-1199>
[13] [CITE@en[Speech Synthesis Markup Language (SSML) Version 1.1]]
( ([TIME[2010-09-08 00:26:19 +09:00]] 版))
<http://www.w3.org/TR/2010/REC-speech-synthesis11-20100907/#lexicon_type>
[14] [CITE['''['''whatwg''']''' Video with MIME type application/octet-stream]]
([TIME[2010-12-09 18:00:19 +09:00]] 版)
<http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2010-December/029393.html>
[15] [CITE@en[Web Applications 1.0 r5836 Bring the spec more in line with what the browsers do for video (largely, ignoring Content-Type). This will probably be tweaked further once Adam's draft has a section dedicated to sniffing media container formats.]]
( ([TIME[2011-02-05 10:31:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=5835&to=5836>
[16] [CITE[''''''[''''''websec'''''']'''''' Font sniffing]]
( ([TIME[2011-01-28 00:21:17 +09:00]] 版))
<http://www.ietf.org/mail-archive/web/websec/current/msg00235.html>
[17] [CITE@en[Web Applications 1.0 r5921 revert r5836 per http://lists.w3.org/Archives/Public/public-html/2011Mar/0002.html]]
( ([TIME[2011-03-01 09:18:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=5920&to=5921>
[18] [CITE@en[Re: Request for revert on bug 11984]]
( ([[Ian Hickson]] 著, [TIME[2011-03-01 09:14:52 +09:00]] 版))
<http://lists.w3.org/Archives/Public/public-html/2011Mar/0002.html>
[19] [CITE[IRC logs: freenode / #whatwg / 20110123]]
( ([TIME[2011-03-05 11:46:54 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20110123>
[20] [CITE[IRC logs: freenode / #whatwg / 20110124]]
( ([TIME[2011-03-05 23:14:05 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20110124>
[21] [CITE[IRC logs: freenode / #whatwg / 20110127]]
( ([TIME[2011-03-10 07:30:55 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20110127>
[22] [CITE[IRC logs: freenode / #whatwg / 20110205]]
( ([TIME[2011-03-19 23:45:14 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20110205#l-71>
[23] [CITE@en[Web Applications 1.0 r5979 10805]]
( ([TIME[2011-04-09 07:12:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=5978&to=5979>
[24] [CITE[drafts/sniff.xml at master from abarth's ietf-websec - GitHub]]
( ([TIME[2011-02-13 13:01:23 +09:00]] 版))
<https://github.com/abarth/ietf-websec/blob/master/drafts/sniff.xml>
[26] [CITE[MIME Sniffing]]
( ([TIME[2011-09-27 05:18:56 +09:00]] 版))
<http://mimesniff.spec.whatwg.org/>
[27] [CITE@en[Web Applications 1.0 r6721 (WIP - MIMESNIFF has not yet been updated accordingly) Change the spec to use MIMESNIFF rules for text tracks instead of blindly honouring MIME types.]]
( ([TIME[2011-10-21 08:27:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=6720&to=6721>
[28] [CITE@en[Web Applications 1.0 r6823 Make appcache no longer check for the MIME type.]]
( ([TIME[2011-11-11 09:36:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=6822&to=6823>
[29] [CITE@en[Web Applications 1.0 r6826 Add warnings about media elements and track and how to determine the type and how we don't know what hte solution is.]]
( ([TIME[2011-11-12 09:22:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=6825&to=6826>
[30] [CITE@en[Web Applications 1.0 r6920 Remove vestiges of MIME type checking in appcache.Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=14701]]
( ([TIME[2012-01-26 08:27:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=6919&to=6920>
[31] [CITE@en[Web Applications 1.0 r6990 Factor out the prescan algorithm for reuse in other specs.]]
( ([TIME[2012-02-14 06:06:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=6989&to=6990>
[33] [CITE[IRC logs: freenode / #whatwg / 20120801]]
( ([TIME[2012-08-06 21:04:00 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20120801#l-248>
[34] [CITE@en[Web Applications 1.0 r7360 Make a BOM override HTTP headers.]]
( ([TIME[2012-09-16 12:55:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=7359&to=7360>
[35] [CITE[IRC logs: freenode / #whatwg / 20120928]]
( ([TIME[2012-10-03 22:06:16 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20120928>
[36] [CITE[IRC logs: freenode / #whatwg / 20120928]]
( ([TIME[2012-10-03 22:06:16 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20120928>
[37] [CITE[whatwg/mimesniff]]
( ([TIME[2012-10-03 22:39:05 +09:00]] 版))
<https://github.com/whatwg/mimesniff>
[38] [CITE[''''''[''''''whatwg'''''']'''''' '''['''mimesniff''']''' Review requested on MIME Sniffing Standard]]
( ([TIME[2012-11-06 00:29:10 +09:00]] 版))
<http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-November/037787.html>
[REFS[
- [39] [CITE[Hosting - Google Chrome]] ([TIME[2012-11-18 01:28:56 +09:00]] 版) <http://developer.chrome.com/extensions/hosting.html>
]REFS]
[40] >>39 によると [[Chrome]] は未知の[[MIME型]]の sniffing で [CODE(MIME)@en[[[application/x-chrome-extension]]]]
にも対応しているようです。
[41] [CITE[Issue 7448 - chromium - CSS and JS files with MIME Type text/plain should still apply - An open-source browser project to help move the web forward. - Google Project Hosting]]
( ([TIME[2012-11-18 01:42:41 +09:00]] 版))
<http://code.google.com/p/chromium/issues/detail?id=7448>
[42] [CITE[IRC logs: freenode / #whatwg / 20121018]]
( ([TIME[2012-11-18 00:24:44 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20121018#l-259>
[43] [CITE[IRC logs: freenode / #whatwg / 20121105]]
( ([TIME[2012-11-24 13:19:40 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20121105#l-755>
[44] [CITE[IRC logs: freenode / #whatwg / 20121109]]
( ([TIME[2012-11-26 22:30:44 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20121109>
[45] [CITE[Packaged Web Apps (Widgets) - Packaging and XML Configuration (Second Edition)]]
( ([TIME[2012-11-22 21:22:20 +09:00]] 版))
<http://w3c.github.com/packed-webapps/packaging/#rule-for-identifying-the-media-type-of-a-file>
[46] [CITE@en[Web Applications 1.0 r7701 Revert part of r5545 because bz changed his mind and this matches reality better. :-)]]
( ([TIME[2013-02-07 08:10:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=7700&to=7701>
[47] [CITE@en[Web Applications 1.0 r7701 Revert part of r5545 because bz changed his mind and this matches reality better. :-)]]
( ([TIME[2013-02-07 08:10:00 +09:00]] 版))
<http://html5.org/tools/web-apps-tracker?from=7700&to=7701>
[48] [CITE@EN[Authoritative Metadata]]
( ([TIME[2013-04-05 19:44:14 +09:00]] 版))
<http://www.w3.org/2001/tag/doc/mime-respect-20130405.html>
[52] [CITE@en[Windows RSS Publisher's Guide (work-in-progress) - Microsoft RSS Blog - Site Home - MSDN Blogs]]
( ([TIME[2013-12-04 04:55:23 +09:00]] 版))
<http://blogs.msdn.com/b/rssteam/archive/2005/08/02/publishersguide.aspx>
[88] >>52 によると [[IE]] は [CODE(MIME)@en[[[text/xml]]]] が[[フィード]]か判定するために
[[sniffing]] しています。
[89] [CITE@en-US[XSL Transformations in Mozilla FAQ | MDN]] ([TIME[2014-03-22 05:56:30 +09:00]] 版) <https://developer.mozilla.org/en-US/docs/XSL_Transformations_in_Mozilla_FAQ>
[90] >>89 によると [[Firefox]] も [[IE]] と同様の [[sniffing]] を行っています。
[64] [CITE@en[Bug 11984 – <video>: Figure out the story with respect to honouring Content-Type headers vs sniffing content]]
( ([TIME[2013-12-14 11:48:15 +09:00]] 版))
<https://www.w3.org/Bugs/Public/show_bug.cgi?id=11984>
[65] [CITE[IRC logs: freenode / #whatwg / 20131211]]
( ([TIME[2013-12-13 22:33:10 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20131211#l-870>
[66] [CITE[IRC logs: freenode / #whatwg / 20140121]]
( ([TIME[2014-01-23 20:23:43 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20140121>
[67] [CITE[ncsa-mosaic/CHANGES at master · alandipert/ncsa-mosaic]]
( ([TIME[2014-04-07 05:28:45 +09:00]] 版))
<https://github.com/alandipert/ncsa-mosaic/blob/master/CHANGES#L179>
[68] [CITE[ncsa-mosaic/CHANGES at master · alandipert/ncsa-mosaic]]
( ([TIME[2014-04-07 05:38:10 +09:00]] 版))
<https://github.com/alandipert/ncsa-mosaic/blob/master/CHANGES#L885>
[70] [CITE@en[Bug 11984 – <video>: Figure out the story with respect to honouring Content-Type headers vs sniffing content]]
( ([TIME[2014-05-08 03:49:08 +09:00]] 版))
<https://www.w3.org/Bugs/Public/show_bug.cgi?id=11984>
[74] [CITE@en[Tolerant HTTP Parsing]]
( ([TIME[2011-10-09 14:47:27 +09:00]] 版))
<http://stuff.gsnedders.com/http-parsing.html#rfc.section.B>
[78] [CITE[mimesniff]]
( ([TIME[2014-09-06 02:37:35 +09:00]] 版))
<http://news.dieweltistgarnichtso.net/bin/mimesniff.html>
[79] [CITE@en[''''''[''''''webappsec'''''']'''''' Rechartering: MIME-type sniffing]]
( ([[Brad Hill]] 著, [TIME[2014-11-10 09:01:08 +09:00]] 版))
<http://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0125.html>
[FIG(quote)[
[FIGCAPTION[
[82] [CITE@en[RFC 2911 - Internet Printing Protocol/1.1: Model and Semantics]]
([TIME[2015-02-15 17:22:27 +09:00]] 版)
<https://tools.ietf.org/html/rfc2911#section-4.1.9.1>
]FIGCAPTION]
> One special type is 'application/octet-stream'. If the Printer
> object supports this value, the Printer object MUST be capable of
> auto-sensing the format of the document data using an
> implementation-dependent method that examines some number of octets
> of the document data, either as part of the create operation and/or
> at document processing time.
]FIG]
[83] [CITE[Part2 - browsersec - Browser Security Handbook, part 2 - Browser Security Handbook - Google Project Hosting]]
([TIME[2015-03-31 16:45:19 +09:00]] 版)
<https://code.google.com/p/browsersec/wiki/Part2#Survey_of_content_sniffing_behaviors>
[84] [CITE[IRC logs: freenode / #whatwg / 20150331]]
([TIME[2015-04-01 11:13:49 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150331#l-397>
[85] [CITE[mime_util.cc - Code Search]]
([TIME[2015-04-04 11:22:49 +09:00]] 版)
<https://code.google.com/p/chromium/codesearch#chromium/src/net/base/mime_util.cc&rcl=1427945811&l=1>
[FIG(quote)[
[FIGCAPTION[
[86] [CITE[IRC logs: freenode / #whatwg / 20150408]]
([TIME[2015-04-09 11:51:32 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150408#l-380>
]FIGCAPTION]
> # '''['''10:41''']''' <philipj> for <track> there's just no code that looks at Content-Type, at least not in Blink, if it's not WebVTT then it won't work
]FIG]
[87] [CITE@en[Add MIME type whitelist for "track" (text/vtt). · whatwg/fetch@44f237a]]
([TIME[2015-04-09 23:41:48 +09:00]] 版)
<https://github.com/whatwg/fetch/commit/44f237a3ac61c9e39561f82211e442da0e9f1638>
[91] [CITE@en[gecko-dev/nsUnknownDecoder.cpp at c01ab4a7c845716c0e5fdf1a7815ccfba3bbeb7a · mozilla/gecko-dev]]
([TIME[2015-05-07 20:17:36 +09:00]] 版)
<https://github.com/mozilla/gecko-dev/blob/c01ab4a7c845716c0e5fdf1a7815ccfba3bbeb7a/netwerk/streamconv/converters/nsUnknownDecoder.cpp>
[92] [CITE[Packaged Web Apps (Widgets) - Packaging and XML Configuration (Second Edition)]]
([TIME[2015-01-27 11:24:04 +09:00]] 版)
<http://w3c.github.io/packaged-webapps/packaging/#rule-for-identifying-the-media-type-of-a-file-0>
[93] [CITE[Issue 2016 - chromium - Chrome stalls XHRs in order to sniff mime-type - An open-source project to help move the web forward. - Google Project Hosting]]
([TIME[2015-08-04 23:39:23 +09:00]] 版)
<https://code.google.com/p/chromium/issues/detail?id=2016>
[94] [CITE[Issue 156023 - chromium - Transfer-Encoding chunked not support on text/plain - An open-source project to help move the web forward. - Google Project Hosting]]
([TIME[2015-08-04 23:39:29 +09:00]] 版)
<https://code.google.com/p/chromium/issues/detail?id=156023>
[95] [CITE@en[MIME Type Detection in Windows Internet Explorer (Windows)]]
([TIME[2015-09-26 02:04:47 +09:00]] 版)
<https://msdn.microsoft.com/en-us/library/ms775147(v=vs.85).aspx>