Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
No longer render resources requested via FTP
Downloading resources over FTP is dangerous in itself, as FTP is a non-securable protocol. But rendering resources as text/html or similar is even more dangerous for a variety of reasons (explored to some extent in https://groups.google.com/a/chromium.org/d/msg/blink-dev/eopgOoY1QLs/e1tIefOxAAAJ). This patch forces FTP resources into an application/octet-stream MIME type, which should prevent them from rendering as HTML in user agents. Closes whatwg/html#4178.
- Loading branch information