Overview.src.html

<!DOCTYPE html>
<meta charset=utf-8>
<title>MIME Sniffing Standard</title>
<style>
 @media print { [data-anolis-spec]::after { content:"[" attr(data-anolis-spec) "]"; font-size:.6em; vertical-align:super; text-transform:uppercase } }
</style>
<link rel=stylesheet href=http://www.whatwg.org/style/specification>
<link rel=icon href=http://www.whatwg.org/images/icon>



<div class=head>

 <p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=http://www.whatwg.org/images/logo width=101></a></p>
 <h1>MIME Sniffing</h1>
 <h2 class="no-num no-toc">Living Standard &mdash; Last Updated [DATE: 01 Jan 1901]</h2>

 <dl>
  <dt>This Version:
  <dd>
   <a href=http://mimesniff.spec.whatwg.org/>http://mimesniff.spec.whatwg.org/</a>

  <dt>Participate:
  <dd>
   Send feedback to
   <a href="http://www.whatwg.org/mailing-list">whatwg@whatwg.org</a>
   (<a href="http://www.whatwg.org/mailing-list#specs">archives</a>)
   or
   <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=WHATWG&amp;component=MIME">file a bug</a>
   (<a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=WHATWG&amp;component=MIME&amp;resolution=---">open bugs</a>)
  <dd>
   <a href="http://wiki.whatwg.org/wiki/IRC">IRC: #whatwg on Freenode</a>

  <dt>Version history:
  <dd>
   <a href=https://github.com/whatwg/mimesniff/commits>https://github.com/whatwg/mimesniff/commits</a>
  <dd>
   <a href=https://twitter.com/mimesniff>@mimesniff</a>

  <dt>Editor:
  <dd>
   <a href="http://gphemsley.org/">Gordon P. Hemsley</a> &lt;<a href="mailto:me@gphemsley.org">me@gphemsley.org</a>&gt;

  <dt>Past editors:
  <dd>
   Adam Barth &lt;<a href="mailto:whatwg@adambarth.com">whatwg@adambarth.com</a>&gt; (Google)
  <dd>
   Ian Hickson &lt;<a href="mailto:ian@hixie.ch">ian@hixie.ch</a>&gt; (Google)
 </dl>

 <script src=//dvcs.w3.org/hg/quirks-mode/raw-file/tip/file-bug.js async></script>

 <p class=copyright>
  <a rel="license" href="http://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Universal</a>.

  To the extent possible under law, the editor has waived all copyright and
  related or neighboring rights to this work.

  In addition, as of [DATE: 01 Jan 1901], the editor has made this
  specification available under the
  <a rel="license" href="http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0">Open Web Foundation Agreement Version 1.0</a>,
  which is available at
  http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0.

</div>



<h2 class="no-num no-toc">Abstract</h2>

<p>
 Many web servers supply incorrect <code>Content-Type</code> header fields
 with their HTTP responses.

 In order to be compatible with these servers, user agents consider the
 content of HTTP responses as well as the <code>Content-Type</code> header
 fields when determining the effective media type of the response.

 This document describes an algorithm for determining the effective media type
 of HTTP responses that balances security and compatibility considerations.



<h2 class=no-num>Table of contents</h2>

<!--toc-->



<h2>Introduction</h2>

<p>
 The HTTP <code>Content-Type</code> header field indicates the media type of
 an HTTP response.

 However, many HTTP servers supply a <code>Content-Type</code> that does not
 match the actual contents of the response.

 Historically, web browsers have tolerated these servers by examining the
 content of HTTP responses in addition to the <code>Content-Type</code> header
 field to determine the effective media type of the response.

<p>
 Without a clear specification of how to "sniff" the media type, each user
 agent has been forced to reverse-engineer the algorithms of other user agents
 in order to maintain interoperability.

 Inevitably, these efforts have not been entirely successful, resulting in
 divergent behaviors among user agents.

 In some cases, these divergent behaviors have had security implications, as a
 user agent could interpret an HTTP response as a different media type than
 the server intended.

<p>
 These security issues are most severe when an "honest" server allows
 potentially malicious users to upload their own files and then serves the
 contents of those files with a low-privilege media type.

 For example, if a server believes that the client will treat a contributed
 file as an image (and thus treat it as benign), but a user agent believes the
 content to be HTML (and thus privileged to execute any scripts contained
 therein), an attacker might be able to steal the user's authentication
 credentials and mount other cross-site scripting attacks.

 (Malicious servers, of course, can specify an arbitrary media type in the
 <code>Content-Type</code> header field.)

 In the absence of media type sniffing, this user-generated content would not
 be interpreted as a high-privilege media type.

<p>
 This document describes a content sniffing algorithm that carefully balances
 the compatibility needs of user agent with the security constraints imposed
 by existing web content.

 The algorithm originated from research conducted by Adam Barth, Juan
 Caballero, and Dawn Song, based on content sniffing algorithms present in
 popular user agents, an extensive database of existing web content, and
 metrics collected from implementations deployed to a sizable number of users.

 <span data-anolis-ref>SECCONTSNIFF</span>

<p>
 Whenever possible, user agents should not employ a content sniffing
 algorithm.

 However, if a user agent does employ a content sniffing algorithm, the user
 agent should use the algorithm in this document; using a different content
 sniffing algorithm could have unexpected security implications.



<h2>Conventions</h2>

<p>
 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
 "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this
 document are to be interpreted as described in RFC 2119.

 <span data-anolis-ref>RFC2119</span>

<p>
 Requirements phrased in the imperative as part of algorithms (such as "strip
 any leading space characters" or "return false and abort these steps") are to
 be interpreted with the meaning of the key word ("MUST", "SHOULD", "MAY",
 etc.) used in introducing the algorithm.

<p>
 Conformance requirements phrased as algorithms or specific steps can be
 implemented in any manner, so long as the end result is equivalent.

 In particular, note that the algorithms defined in this specification are
 intended to be easy to understand and are not intended to be performant.



<h2>Terminology</h2>

<p>
 A <dfn>byte</dfn> is a <span data-anolis-spec=encoding>byte</span> as defined
 in the Encoding Standard.

 When helpful, a <span>byte</span> will be accompanied by information about
 the ASCII code point it represents.

 <span data-anolis-ref>ENCODING</span>
 <span data-anolis-ref class=informative>ASCII</span>

<p>
 A <dfn>binary data byte</dfn> is a <span>byte</span> in the range 0x00 to
 0x08 (NUL to BS), the <span>byte</span> 0x0B (VT), a <span>byte</span> in the
 range 0x0E to 0x1A (SO to SUB), or a <span>byte</span> in the range 0x1C to
 0x1F (FS to US).

<p>
 A <dfn>whitespace byte</dfn> (0xWS) is any of the following
 <span title=byte>bytes</span>: 0x09 (HT), 0x0A (LF), 0x0C (FF), 0x0D (CR),
 0x20 (SP).

<p>
 A <dfn>tag-terminating byte</dfn> (0xTT) is any of the following
 <span title=byte>bytes</span>: 0x20 (SP), 0x3E (<code title>&gt;</code>).

<p>
 A <dfn>byte sequence</dfn> is a <span>sequence</span> of
 <span title=byte>bytes</span>.

<p>
 A <dfn>resource header</dfn> is the <span>byte sequence</span> at the
 beginning of a <span>resource</span>, as determined by
 <span title="read the resource header">reading the resource header</span>.

<p>
 The <dfn>media type</dfn> of a resource is a technical hint about the use and
 format of that resource.

 <span data-anolis-ref class=informative>MIMETYPE</span>

<p>
 A <dfn>valid media type</dfn> is a
 <span data-anolis-spec=http>media-type</span>, as defined in HTTP/1.1 or its
 successor, and is made up in part by a
 <span data-anolis-spec=http>type</span> and a
 <span data-anolis-spec=http>subtype</span>.

 The <dfn>media type portion</dfn> of a <span>valid media type</span> is the
 string represented by concatenating <span data-anolis-spec=http>type</span>,
 the string "<code title>/</code>", and
 <span data-anolis-spec=http>subtype</span>.

 <span data-anolis-ref>HTTP</span>

<p class=note>
 The <span>media type portion</span> of a <span>valid media type</span>
 excludes all <span title=parameter data-anolis-spec=http>parameters</span>
 and is case-insensitive.

 <span data-anolis-ref>HTTP</span>

<p>
 A <span>valid media type</span> is <dfn>supported by the user agent</dfn> if
 the user agent has the capability to interpret a <span>resource</span> of
 that <span>media type</span> and present it to the user.

<p>
 An <dfn>image type</dfn> is any <span>valid media type</span> where
 <span data-anolis-spec=http>type</span> is equal to
 "<code title>image</code>"<!-- or the <span>media type portion</span> is
 equal to one of the following:

 <ul>
  <li>
 </ul>-->.

<p>
 An <dfn>audio type</dfn> is any <span>valid media type</span> where
 <span data-anolis-spec=http>type</span> is equal to
 "<code title>audio</code>" or the <span>media type portion</span> is equal to
 one of the following:

 <ul>
  <li>
   <code title>application/ogg</code>
 </ul>

<p>
 A <dfn>video type</dfn> is any <span>valid media type</span> where
 <span data-anolis-spec=http>type</span> is equal to
 "<code title>video</code>" or the <span>media type portion</span> is equal to
 one of the following:

 <ul>
  <li>
   <code title>application/ogg</code>
 </ul>

<p>
 A <dfn>font type</dfn> is any <span>valid media type</span> where
 <!--<span data-anolis-spec=http>type</span> is equal to
 "<code title>font</code>" or--> the <span>media type portion</span> is equal
 to one of the following:

 <ul class=XXX>
  <li>
 </ul>

<p>
 The <dfn>supplied media type</dfn> of a resource is the <span>valid media
 type</span> of the resource as determined by the <span>supplied media type
 detection algorithm</span>.

<p>
 The <dfn>sniffed media type</dfn> of a resource is the <span>valid media
 type</span> of the resource as determined by the <span>media type sniffing
 algorithm</span>.

<p>
 A <dfn>scriptable media type</dfn> is any of the following
 <span title="valid media type">valid media types</span>:

 <ul>
  <li>
   <code title>text/html</code>

  <li>
   <code title>text/xml</code>

  <li>
   <code title>application/pdf</code>
 </ul>

<p>
 A <dfn>byte pattern</dfn> is a <span>byte sequence</span> used as a template
 to be matched against in the <span>pattern matching algorithm</span>.

<p>
 A <dfn>pattern mask</dfn> is a <span>byte sequence</span> used to determine
 the significance of <span title=byte>bytes</span> being compared against a
 <span>byte pattern</span> in the <span>pattern matching algorithm</span>.

<p class=note>
 In a <span>pattern mask</span>, 0xFF indicates the <span>byte</span> is
 strictly significant, 0xDF indicates that the <span>byte</span> is
 significant in an ASCII case-insensitive way, and 0x00 indicates that the
 <span>byte</span> is not significant.



<h2>The supplied media type</h2>

<p>
 The <span>supplied media type</span> of a resource is provided to the user
 agent by an external source associated with that resource.

 The method of obtaining this information varies depending upon how the
 resource is retrieved.

<p>
 The <span>supplied media type detection algorithm</span> makes use of the
 <dfn>has-content-type flag</dfn>, which must be unset by default and must
 only be set from within the <span>supplied media type detection
 algorithm</span>.

<p>
 To determine the <span>supplied media type</span> of a resource, user agents
 must use the following <dfn>supplied media type detection algorithm</dfn>:

 <ol>
  <li>
   Let <var>official-type</var> be null.

  <li>
   If the resource is retrieved via HTTP and one or more
   <code>Content-Type</code> headers are associated with the resource, set
   <var>official-type</var> to the value associated with the last such
   <code>Content-Type</code> header and set the <span>has-content-type
   flag</span>.

   <span data-anolis-ref=http>HTTP</span>

   <p class=note>
    File extensions are not used to determine the <span>supplied media
    type</span> of a resource retrieved via HTTP because they are unreliable
    and easily spoofed.

  <li>
   If the resource is retrieved directly from the file system, set
   <var>official-type</var> to the <span>media type</span> provided by the
   file system.

  <li>
   If the resource is retrieved via another protocol (such as FTP), set
   <var>official-type</var> to the <span>media type</span> as determined by
   that protocol, if any.

   <span data-anolis-ref class=informative>FTP</span>

  <li>
   If <var>official-type</var> is not a <span>valid media type</span>, set
   <var>official-type</var> to null.

  <li>
   The <span>supplied media type</span> is <var>official-type</var>.
 </ol>



<h2>Reading the resource header</h2>

<p>
 To <dfn>read the resource header</dfn>, perform the following steps:

 <ol>
  <li>
   Read <span title=byte>bytes</span> of the resource into <var>buffer</var>
   until one of the following conditions is met:

   <ul>
    <li>
     the end of the resource is reached.

    <li>
     the length of <var>buffer</var> is greater than or equal to 512
     <span title=byte>bytes</span>.

    <li>
     a reasonable amount of time has elapsed, as determined by the user
     agent.
   </ul>

   <p class=note>
    If the length of <var>buffer</var> is greater than or equal to 512
    <span title=byte>bytes</span>, the <span>media type sniffing
    algorithm</span> will be deterministic for the majority of cases.

    However, certain factors (such as a slow connection) may prevent the
    user agent from reading 512 <span title=byte>bytes</span> in a
    reasonable amount of time.

   <li>
    The <span>resource header</span> is <var>buffer</var>.
 </ol>

 <p class=note>
  The <span>resource header</span> need only be determined once per
  <span>resource</span>.



<h2>The sniffed media type</h2>

<p>
 The following flags are used in the <span>media type sniffing
 algorithm</span> and must be unset by default:
 <var class=flag>sniff-all</var>, <var class=flag>sniff-unknown</var>,
 <var class=flag>sniff-text-or-binary</var>,
 <var class=flag>sniff-feed-or-html</var>, <var class=flag>sniff-images</var>,
 <var class=flag>sniff-audio</var>, <var class=flag>sniff-video</var>,
 <var class=flag>sniff-fonts</var>.

 User agents may explicitly set one or more of these flags when calling the
 <span>media type sniffing algorithm</span>.

<p>
 To determine the <span>sniffed media type</span> of a resource, user agents
 must use the following <dfn>media type sniffing algorithm</dfn>:

 <ol>
  <li>
   If the <span>supplied media type</span> is not null and the <span>media
   type portion</span> of the <span>supplied media type</span> ends in
   "<code title>+xml</code>" or is equal to "<code title>text/xml</code>" or
   "<code title>application/xml</code>", the <span>sniffed media type</span>
   is the <span>supplied media type</span>.

   Abort these steps.

  <li>
   If the <var class=flag>sniff-all</var> flag is set, set the
   <var class=flag>sniff-unknown</var>,
   <var class=flag>sniff-text-or-binary</var>,
   <var class=flag>sniff-feed-or-html</var>,
   <var class=flag>sniff-images</var>, <var class=flag>sniff-audio</var>,
   <var class=flag>sniff-video</var>, and <var class=flag>sniff-fonts</var>
   flags.

  <li>
   If the <var class=flag>sniff-unknown</var> flag is set and the
   <span>supplied media type</span> is null or if the
   <var class=flag>sniff-unknown</var> flag is set and the <span>supplied
   media type</span> is not null and the <span>media type portion</span> of
   the <span>supplied media type</span> is equal to
   "<code title>unknown/unknown</code>",
   "<code title>application/unknown</code>", or "<code title>*/*</code>",
   execute the <span>rules for identifying an unknown media type</span>.

  <li>
   If the <var class=flag>sniff-text-or-binary</var> flag is set and the
   <span>has-content-type flag</span> is set and the <span>supplied media
   type</span> is <strong>exactly</strong> equal to one of the values in the
   following table, execute the <span>rules for distinguishing if a resource
   is text or binary</span>:

   <table>
    <thead>
     <tr>
      <th>Bytes in Hexadecimal</th>
      <th>Bytes in ASCII</th>
     </tr>
    </thead>
    <tbody>
     <tr>
      <td>
       74 65 78 74 2F 70 6C 61 69 6E
      </td>
      <td>
       <code title>text/plain</code>
      </td>
     </tr>
     <tr>
      <td>
       74 65 78 74 2F 70 6C 61 69 6E<br>
       3B 20 63 68 61 72 73 65 74 3D<br>
       49 53 4F 2D 38 38 35 39 2D 31
      </td>
      <td>
       <code title>text/plain; charset=ISO-8859-1</code>
      </td>
     </tr>
     <tr>
      <td>
       74 65 78 74 2F 70 6C 61 69 6E<br>
       3B 20 63 68 61 72 73 65 74 3D<br>
       69 73 6F 2D 38 38 35 39 2D 31
      </td>
      <td>
       <code title>text/plain; charset=iso-8859-1</code>
      </td>
     </tr>
     <tr>
      <td>
       74 65 78 74 2F 70 6C 61 69 6E<br>
       3B 20 63 68 61 72 73 65 74 3D<br>
       55 54 46 2D 38
      </td>
      <td>
       <code title>text/plain; charset=UTF-8</code>
      </td>
     </tr>
    </tbody>
   </table>

   <p class=note>
    The <span>media type sniffing algorithm</span> detects these exact
    <span>byte</span> sequences because some older installations of Apache
    contain a bug that causes them to supply one of these Content-Type headers
    when serving files with unrecognized file extensions.

  <li>
   <!-- XXX: Why are we checking to see if the image type is supported by the
             user agent if we're just going to sniff it again anyway? -->
   If the <var class=flag>sniff-images</var> flag is set and the
   <span>supplied media type</span> is an <span>image type</span>
   <span>supported by the user agent</span>, execute the <span>rules for
   sniffing images specifically</span>.

  <li>
   <!-- XXX: Why are we checking to see if the audio type is supported by the
             user agent if we're just going to sniff it again anyway? -->
   If the <var class=flag>sniff-audio</var> flag is set and the <span>supplied
   media type</span> is an <span>audio type</span> <span>supported by the user
   agent</span>, execute the <span>rules for sniffing audio
   specifically</span>.

  <li>
   <!-- XXX: Why are we checking to see if the video type is supported by the
             user agent if we're just going to sniff it again anyway? -->
   If the <var class=flag>sniff-video</var> flag is set and the <span>supplied
   media type</span> is a <span>video type</span> <span>supported by the user
   agent</span>, execute the <span>rules for sniffing videos
   specifically</span>.

  <li>
   <!-- XXX: Why are we checking to see if the font type is supported by the
             user agent if we're just going to sniff it again anyway? -->
   If the <var class=flag>sniff-fonts</var> flag is set and the <span>supplied
   media type</span> is a <span>font type</span> <span>supported by the user
   agent</span>, execute the <span>rules for sniffing fonts
   specifically</span>.

  <li>
   If the <var class=flag>sniff-feed-or-html</var> flag is set and the
   <span>supplied media type</span> is not null and the <span>media type
   portion</span> of the <span>supplied media type</span> is equal to
   "<code title>text/html</code>", execute the <span>rules for distinguishing
   if a resource is a feed or HTML</span>.

  <li>
   The <span>sniffed media type</span> is the <span>supplied media
   type</span>.
 </ol>



<h3>Text or binary media type</h3>

<p>
 This section defines the <dfn id=rules-for-text-or-binary>rules for
 distinguishing if a resource is text or binary</dfn>:

<ol>
 <li>
  Let <var>length</var> be the number of <span title=byte>bytes</span> in the
  <span>resource header</span>.

 <li>
  If <var>length</var> is greater than or equal to 2 and the first 2 bytes of
  the <span>resource header</span> are equal to 0xFE 0xFF (UTF-16BE BOM) or
  0xFF 0xFE (UTF-16LE BOM), the <span>sniffed media type</span> is
  "<code title>text/plain</code>".

  Abort these steps.

 <li>
  If <var>length</var> is greater than or equal to 3 and the first 3 bytes of
  the <span>resource header</span> are equal to 0xEF 0xBB 0xBF (UTF-8 BOM),
  the <span>sniffed media type</span> is "<code title>text/plain</code>".

  Abort these steps.

 <li>
  If the <span>resource header</span> contains no
  <span title="binary data byte">binary data bytes</span>, the <span>sniffed
  media type</span> is "<code title>text/plain</code>".

  Abort these steps.

 <li>
  Execute the <span>rules for identifying an unknown media type</span> with
  the <var>sniff-scriptable</var> flag unset.

  <p class=warning>
   It is critical that the <span>rules for distinguishing if a resource is
   text or binary</span> never determine the <span>sniffed media type</span>
   to be a <span>scriptable media type</span>, as this could allow a privilege
   escalation attack.
</ol>



<h3>Unknown media type</h3>

<p>
 The <span>rules for identifying an unknown media type</span> use the
 <var>sniff-scriptable</var> flag, which must be unset by default.

 User agents may explicitly set the <var>sniff-scriptable</var> flag when
 calling the <span>rules for identifying an unknown media type</span>.

<p>
 To determine the <span>sniffed media type</span> of a <span>resource</span>
 with an unknown <span>media type</span>, execute the following <dfn>rules for
 identifying an unknown media type</dfn>:

 <ol>
  <li>
   Let <var>length</var> be the number of <span title=byte>bytes</span> in the
   <span>resource header</span>.

  <li>
   If the <var>sniff-scriptable</var> flag is set, execute the following steps
   for each row in the following table:

   <ol>
    <li>
     Let <var>pattern-matched</var> be the result of executing the
     <span>pattern matching algorithm</span> with the following parameters:

     <ul>
      <li>
       Let the <span>byte sequence</span> to be matched be the <span>resource
       header</span>.

      <li>
       Let the <span>byte pattern</span> to be matched against be the value in
       the first column of the current row.

      <li>
       Let the <span>pattern mask</span> be the value in the second column of
       the current row.

      <li>
       Let the leading <span title=byte>bytes</span> to be ignored be the
       value in the third column of the current row.
     </ul>

    <li>
     If <var>pattern-matched</var> is true, the <span>sniffed media type</span>
     is the value in the fourth column of the current row.

     Abort these steps.
   </ol>

   <table>
    <thead>
     <tr>
      <th>
       <span>Byte Pattern</span>
      </th>
      <th>
       <span>Pattern Mask</span>
      </th>
      <th>
       Leading <span title=byte>Bytes</span> to Be Ignored
      </th>
      <th>
       <span>Sniffed Media Type</span>
      </th>
      <th>
       Note
      </th>
     </tr>
    </thead>
    <tbody>
     <tr>
      <td>
       3C 21 44 4F 43 54 59 50 45 20 48 54 4D 4C TT
      </td>
      <td>
       FF FF DF DF DF DF DF DF DF FF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;!DOCTYPE HTML</code>"
       followed by a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 48 54 4D 4C TT
      </td>
      <td>
       FF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;HTML</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 48 45 41 44 TT
      </td>
      <td>
       FF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;HEAD</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 53 43 52 49 50 54 TT
      </td>
      <td>
       FF DF DF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;SCRIPT</code>" followed by
       a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 49 46 52 41 4D 45 TT
      </td>
      <td>
       FF DF DF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;IFRAME</code>" followed by
       a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 48 31 TT
      </td>
      <td>
       FF DF FF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;H1</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 44 49 56 TT
      </td>
      <td>
       FF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;DIV</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 46 4F 4E 54 TT
      </td>
      <td>
       FF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;FONT</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 54 41 42 4C 45 TT
      </td>
      <td>
       FF DF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;TABLE</code>" followed by
       a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 41 TT
      </td>
      <td>
       FF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;A</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 53 54 59 4C 45 TT
      </td>
      <td>
       FF DF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;STYLE</code>" followed by
       a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 54 49 54 4C 45 TT
      </td>
      <td>
       FF DF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;TITLE</code>" followed by
       a <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 42 TT
      </td>
      <td>
       FF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;B</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 42 4F 44 59 TT
      </td>
      <td>
       FF DF DF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;BODY</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 42 52 TT
      </td>
      <td>
       FF DF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;BR</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 50 TT
      </td>
      <td>
       FF DF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The case-insensitive string "<code title>&lt;P</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 21 2D 2D TT
      </td>
      <td>
       FF FF FF FF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/html</code>
      </td>
      <td>
       The string "<code title>&lt;!--</code>" followed by a
       <span>tag-terminating byte</span>.
      </td>
     </tr>
     <tr>
      <td>
       3C 3F 78 6D 6C
      </td>
      <td>
       FF FF FF FF FF
      </td>
      <td>
       <span title="whitespace byte">Whitespace bytes</span>.
      </td>
      <td>
       <code title>text/xml</code>
      </td>
      <td>
       The string "<code title>&lt;?xml</code>".
      </td>
     </tr>
     <tr>
      <td>
       25 50 44 46 2D
      </td>
      <td>
       FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/pdf</code>
      </td>
      <td>
       The string "<code title>%PDF-</code>", the PDF signature.
      </td>
     </tr>
    </tbody>
   </table>

  <li>
   Execute the following steps for each row in the following table:

   <ol>
    <li>
     Let <var>pattern-matched</var> be the result of executing the
     <span>pattern matching algorithm</span> with the following parameters:

     <ul>
      <li>
       Let the <span>byte sequence</span> to be matched be the <span>resource
       header</span>.

      <li>
       Let the <span>byte pattern</span> to be matched against be the value in
       the first column of the current row.

      <li>
       Let the <span>pattern mask</span> be the value in the second column of
       the current row.

      <li>
       Let the leading <span title=byte>bytes</span> to be ignored be the
       value in the third column of the current row.
     </ul>

    <li>
     If <var>pattern-matched</var> is true, the <span>sniffed media
     type</span> is the value in the fourth column of the current row.

     Abort these steps.
   </ol>

   <table>
    <thead>
     <tr>
      <th>
       <span>Byte Pattern</span>
      </th>
      <th>
       <span>Pattern Mask</span>
      </th>
      <th>
       Leading <span title=byte>Bytes</span> to Be Ignored
      </th>
      <th>
       <span>Sniffed Media Type</span>
      </th>
      <th>
       Note
      </th>
     </tr>
    </thead>
    <tbody>
     <tr>
      <td>
       25 21 50 53 2D 41 64 6F 62 65 2D
      </td>
      <td>
       FF FF FF FF FF FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/postscript</code>
      </td>
      <td>
       The string "<code title>%!PS-Adobe-</code>", the PostScript signature.
      </td>
     </tr>
     <tr>
      <td>
       FE FF 00 00
      </td>
      <td>
       FF FF 00 00
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>text/plain</code>
      </td>
      <td>
       UTF-16BE BOM
      </td>
     </tr>
     <tr>
      <td>
       FF FE 00 00
      </td>
      <td>
       FF FF 00 00
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>text/plain</code>
      </td>
      <td>
       UTF-16LE BOM
      </td>
     </tr>
     <tr>
      <td>
       EF BB BF 00
      </td>
      <td>
       FF FF FF 00
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>text/plain</code>
      </td>
      <td>
       UTF-8 BOM
      </td>
     </tr>
     <tr>
      <td>
       47 49 46 38 37 61
      </td>
      <td>
       FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/gif</code>
      </td>
      <td>
       The string "<code title>GIF87a</code>", a GIF signature.
      </td>
     </tr>
     <tr>
      <td>
       47 49 46 38 39 61
      </td>
      <td>
       FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/gif</code>
      </td>
      <td>
       The string "<code title>GIF89a</code>", a GIF signature.
      </td>
     </tr>
     <tr>
      <td>
       89 50 4E 47 0D 0A 1A 0A
      </td>
      <td>
       FF FF FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/png</code>
      </td>
      <td>
       The PNG signature.
      </td>
     </tr>
     <tr>
      <td>
       FF D8 FF
      </td>
      <td>
       FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/jpeg</code>
      </td>
      <td>
       A JPEG SOI marker followed by a byte of another marker.
      </td>
     </tr>
     <tr>
      <td>
       42 4D
      </td>
      <td>
       FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/bmp</code>
      </td>
      <td>
       The string "<code title>BM</code>", a BMP signature.
      </td>
     </tr>
     <tr>
      <td>
       52 49 46 46 00 00 00 00 57 45 42 50 56 50
      </td>
      <td>
       FF FF FF FF 00 00 00 00 FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/webp</code>
      </td>
      <td>
       The string "<code title>RIFF</code>" followed by four bytes followed by
       the string "<code title>WEBPVP</code>".
      </td>
     </tr>
     <tr>
      <td>
       00 00 01 00
      </td>
      <td>
       FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>image/vnd.microsoft.icon</code>
      </td>
      <td>
       A Windows Icon signature.
      </td>
     </tr>
     <tr>
      <td>
       4F 67 67 53 00
      </td>
      <td>
       FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/ogg</code>
      </td>
      <td>
       An Ogg audio or video signature.
      </td>
     </tr>
     <tr>
      <td>
       52 49 46 46 00 00 00 00 57 41 56 45
      </td>
      <td>
       FF FF FF FF 00 00 00 00 FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>audio/wave</code>
      </td>
      <td>
       The string "<code title>RIFF</code>" followed by four bytes followed by
       the string "<code title>WAVE</code>".
      </td>
     </tr>
     <tr>
      <td>
       1A 45 DF A3
      </td>
      <td>
       FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>video/webm</code>
      </td>
      <td class=XXX>
       The WebM signature. [TODO: Use more bytes?]
      </td>
     </tr>
     <tr>
      <td>
       52 61 72 20 1A 07 00
      </td>
      <td>
       FF FF FF FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/x-rar-compressed</code>
      </td>
      <td>
       The RAR archive signature.
      </td>
     </tr>
     <tr>
      <td>
       50 4B 03 04
      </td>
      <td>
       FF FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/zip</code>
      </td>
      <td>
       The ZIP archive signature.
      </td>
     </tr>
     <tr>
      <td>
       1F 8B 08
      </td>
      <td>
       FF FF FF
      </td>
      <td>
       None.
      </td>
      <td>
       <code title>application/x-gzip</code>
      </td>
      <td>
       The GZIP archive signature.
      </td>
     </tr>
    </tbody>
   </table>

   <p class=XXX>
    MP3 audio.

   <p>
    User agents may implicitly extend this table to support additional
    <span title="valid media type">valid media types</span>.

    However, user agents should not implicitly extend this table to include
    additional <span title="byte pattern">byte patterns</span> for any
    <span>sniffed media type</span> already present in this table, as doing so
    could introduce privilege escalation vulnerabilities.

    User agents must not introduce any privilege escalation vulnerabilities
    when extending this table.

  <li>
   If the <span>resource header</span> <span>matches the signature for
   MP4</span>, the <span>sniffed media type</span> is
   "<code title>video/mp4</code>".

   Abort these steps.

  <li>
   If the <span>resource header</span> contains no
   <span title="binary data byte">binary data bytes</span>, the <span>sniffed
   media type</span> is "<code title>text/plain</code>".

   Abort these steps.

  <li>
   The <span>sniffed media type</span> is
   "<code title>application/octet-stream</code>".

   Abort these steps.
 </ol>



<h4>Pattern matching algorithm</h4>

<p>
 To determine whether a <span>byte sequence</span> matches a particular
 <span>byte pattern</span>, use the following <dfn>pattern matching
 algorithm</dfn>:

 <ol>
  <li>
   Let <var>sequence</var> be the <span>byte sequence</span> to be matched,
   and let <var>sequence</var>[<var>s</var>] be <span>byte</span> <var>s</var>
   in <var>sequence</var> (where <var>sequence</var>[0] is the first
   <span>byte</span> in <var>sequence</var>).

  <li>
   Let <var>pattern</var> be the <span>byte pattern</span> to be matched
   against, and let <var>pattern</var>[<var>p</var>] be <span>byte</span>
   <var>p</var> in <var>pattern</var> (where <var>pattern</var>[0] is the
   first <span>byte</span> in <var>pattern</var>).

  <li>
   Let <var>mask</var> be the <span>pattern mask</span>, and let
   <var>mask</var>[<var>m</var>] be <span>byte</span> <var>m</var> in
   <var>mask</var> (where <var>mask</var>[0] is the first <span>byte</span> in
   <var>mask</var>).

  <li>
   Let <var>length</var> be the number of <span title=byte>bytes</span> in
   <var>pattern</var>.

  <li>
   If the number of <span title=byte>bytes</span> in <var>mask</var> is not
   equal to <var>length</var>, return false.

  <li>
   If the number of <span title=byte>bytes</span> in <var>sequence</var> is
   less than <var>length</var>, return false.

  <li>
   Initialize <var>s</var>, <var>p</var>, and <var>m</var> to 0.

  <li>
   Begin loop <var>L</var>:

   <ol>
    <li>
     If <var>pattern</var>[<var>p</var>] is undefined, exit loop <var>L</var>.

    <li>
     Let <var>masked-data</var> be the result of applying the bitwise AND
     operator to <var>sequence</var>[<var>s</var>] and
     <var>mask</var>[<var>m</var>].

    <li>
     If <var>masked-data</var> is not equal to
     <var>pattern</var>[<var>p</var>], return false.

    <li class=XXX>
     If <var>sequence</var>[<var>s</var>] is not a <span>byte to be
     ignored</span>, increment <var>p</var> and <var>m</var> by 1.

    <li>
     Increment <var>s</var> by 1.
   </ol>

  <li>
   Return true.
 </ol>



<h4>Signature for MP4</h4>

<p>
 To determine whether a <span>byte sequence</span> <dfn>matches the signature
 for MP4</dfn>, use the following steps:

 <ol>
  <li>
   Let <var>sequence</var> be the <span>byte sequence</span> to be matched,
   where <var>sequence</var>[0] is the first <span>byte</span> in
   <var>sequence</var>.

  <li>
   Let <var>length</var> be the number of <span title=byte>bytes</span> in
   <var>sequence</var>.

  <li>
   If <var>length</var> is less than 12, return false.

  <li>
   Let <var>box-size</var> be the four <span title=byte>bytes</span> from
   <var>sequence</var>[0] to <var>sequence</var>[3], interpreted as a 32-bit
   unsigned big-endian integer.

  <li>
   If <var>length</var> is less than <var>box-size</var> or if
   <var>box-size</var> modulo 4 is not equal to 0, return false.

  <li>
   If the four <span title=byte>bytes</span> from <var>sequence</var>[4] to
   <var>sequence</var>[7] are not equal to 0x66 0x74 0x79 0x70
   ("<code title>ftyp</code>"), return false.

  <li>
   If the three <span title=byte>bytes</span> from <var>sequence</var>[8] to
   <var>sequence</var>[10] are equal to 0x6D 0x70 0x34
   ("<code title>mp4</code>"), return true.

  <li>
   Let <var>bytes-read</var> be 16.

   <p class=note>
    This ignores the four <span title=byte>bytes</span> that correspond to the
    version number of the "major brand".

  <li>
   While <var>bytes-read</var> is less than <var>box-size</var>, continuously
   loop through these steps:

   <ol>
    <li>
     If the three <span title=byte>bytes</span> from
     <var>sequence</var>[<var>bytes-read</var>] to
     <var>sequence</var>[<var>bytes-read</var> + 2] are equal to 0x6D 0x70
     0x34 ("<code title>mp4</code>"), return true.

    <li>
     Increment <var>bytes-read</var> by 4.
   </ol>

  <li>
   Return false.
 </ol>



<h3>Images</h3>

<p>
 This section defines the <dfn id=rules-for-sniffing-images-specifically>rules
 for sniffing images specifically</dfn>.

<ol>
 <li>
  If the <var>official-type</var> is "image/svg+xml", then let the
  <var>sniffed-type</var> be the <var>official-type</var> (an XML type) and
  abort these steps.

 <li>
  <!-- XXX the <a> needs to be a <span> linking to a <dfn> -->
  If the first bytes match one of the signatures in
  <a href="#unknown-type">unknown type</a> for one of the following media
  types, then let the <var>sniffed-type</var> be the corresponding media type
  and abort these steps:

  <ul>
   <li>
    image/gif

   <li>
    image/png

   <li>
    image/jpeg

   <li>
    image/bmp

   <li>
    image/vnd.microsoft.icon

   <li>
    image/webp
  </ul>

 <li>
  Otherwise, let the <var>sniffed-type</var> be the official-type and abort
  these steps.
</ol>



<h3>Video</h3>

<p>
 This section defines the <dfn id=rules-for-sniffing-video-specifically>rules
 for sniffing videos specifically</dfn>.

<ol>
 <li>
  <!-- XXX the <a> needs to be a <span> linking to a <dfn> -->
  If the first bytes match one of the signatures in
  <a href="#unknown-type">unknown type</a> for one of the following media
  types, then let the <var>sniffed-type</var> be the corresponding media type
  and abort these steps:

  <ul>
   <li>
    video/mp4

   <li>
    video/webm

   <li>
    application/ogg
  </ul>

 <li>
  Otherwise, let the <var>sniffed-type</var> be the <var>official-type</var>
  and abort these steps.
</ol>



<h3>Fonts</h3>

<p>
 This section defines the <dfn id=rules-for-sniffing-fonts-specifically>rules
 for sniffing fonts specifically</dfn>.

<p class=XXX>TODO</p>

<p>
 Otherwise, let the <var>sniffed-type</var> be the <var>official-type</var>
 and abort these steps.



<h3>Feed or HTML</h3>

<ol>
 <li>
  The user agent MAY wait for 512 or more bytes to arrive for the same reason
  as in the "text or binary" section above.

 <li>
  Let <var>s</var> be the stream of bytes, and let <var>s</var>[<var>i</var>]
  represent the byte in <var>s</var> with position <var>i</var>, treating
  <var>s</var> as zero-indexed (so the first byte is at <var>i</var>=0).

 <li>
  If at any point this algorithm requires the user agent to determine the
  value of a byte in <var>s</var> which has not yet arrived, or which is past
  the first 512 bytes, or which is beyond the end of the byte stream, the
  algorithm stops and the <var>sniffed-type</var> is "text/html".

  <p class=note>
   User agents are allowed, by the first step of this algorithm, to wait until
   the first 512 bytes have arrived.

 <li>
  Initialize <var>pos</var> to 0.

 <li>
  If <var>s</var>[0] equals 0xEF, <var>s</var>[1] equals 0xBB, and
  <var>s</var>[2] equals 0xBF, then set <var>pos</var> to 3.

  (This skips over a leading UTF-8 BOM, if any.)

 <li>
  <var>LOOP</var>:
  Examine <var>s</var>[<var>pos</var>].

  <dl class=switch>
   <dt>If it equals 0x09 (ASCII tab), 0x20 (ASCII space), 0x0A (ASCII LF), or 0x0D (ASCII CR):
   <dd>
    Increase <var>pos</var> by 1 and repeat this step.

   <dt>If it equals 0x3C (ASCII "&lt;"):
   <dd>
    Increase <var>pos</var> by 1 and go to the next step.

   <dt>If it is anything else:
   <dd>
    Let the <var>sniffed-type</var> be "text/html" and abort these steps.
  </dl>

 <li>
  If the bytes with positions <var>pos</var> to <var>pos</var>+2 in
  <var>s</var> are exactly equal to 0x21, 0x2D, 0x2D respectively (ASCII for
  "!--"), then:

  <ol>
   <li>
    Increase <var>pos</var> by 3.

   <li>
    If the bytes with positions <var>pos</var> to <var>pos</var>+2 in
    <var>s</var> are exactly equal to 0x2D, 0x2D, 0x3E respectively (ASCII for
    "--&gt;"), then increase <var>pos</var> by 3 and jump back to the previous
    step (the step labeled <var>LOOP</var>) in the overall algorithm in this
    section.

   <li>
    Otherwise, increase <var>pos</var> by 1.

   <li>
    Return to step 2 in these substeps.
  </ol>

 <li>
  If <var>s</var>[<var>pos</var>] equals 0x21 (ASCII "!"):

  <ol>
   <li>
    Increase <var>pos</var> by 1.

   <li>
    If <var>s</var>[<var>pos</var>] equals 0x3E, then increase <var>pos</var>
    by 1 and jump back to the step labeled <var>LOOP</var> in the overall
    algorithm in this section.

   <li>
    Otherwise, return to step 1 in these substeps.
  </ol>

 <li>
  If <var>s</var>[<var>pos</var>] equals 0x3F (ASCII "?"):

  <ol>
   <li>
    Increase <var>pos</var> by 1.

   <li>
    If <var>s</var>[<var>pos</var>] and <var>s</var>[<var>pos</var>+1] equal
    0x3F and 0x3E respectively, then increase <var>pos</var> by 1 and jump
    back to the step labeled <var>LOOP</var> in the overall algorithm in this
    section.

   <li>
    Otherwise, return to step 1 in these substeps.
  </ol>

 <li>
  Otherwise, if the bytes in <var>s</var> starting at <var>pos</var> match any
  of the sequences of bytes in the first column of the following table, then
  the user agent MUST follow the steps given in the corresponding cell in the
  second column of the same row.

  <table>
   <thead>
    <tr>
     <th>Bytes in Hexadecimal</th>
     <th>Requirement</th>
     <th>Comment</th>
    </tr>
   <tbody>
    <tr>
     <td>72 73 73</td>
     <td>Let the <var>sniffed-type</var> be "application/rss+xml" and abort these steps.</td>
     <td>rss</td>
    </tr>
    <tr>
     <td>66 65 65 64</td>
     <td>Let the <var>sniffed-type</var> be "application/atom+xml" and abort these steps.</td>
     <td>feed</td>
    </tr>
    <tr>
     <td>72 64 66 3A 52 44 46</td>
     <td>Continue to the next step in this algorithm.</td>
     <td>rdf:RDF</td>
    </tr>
  </table>

  <p>
   If none of the byte sequences above match the bytes in <var>s</var>
   starting at <var>pos</var>, then let the <var>sniffed-type</var> be
   "text/html" and abort these steps.

 <li>
  Initialize <var>RDF-flag</var> to 0.

 <li>
  Initialize <var>RSS-flag</var> to 0.

 <li>
  If the bytes with positions <var>pos</var> to <var>pos</var>+23 in
  <var>s</var> are exactly equal to 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F,
  0x70, 0x75, 0x72, 0x6C, 0x2E, 0x6F, 0x72, 0x67, 0x2F, 0x72, 0x73, 0x73,
  0x2F, 0x31, 0x2E, 0x30, 0x2F respectively (ASCII for
  "http://purl.org/rss/1.0/"), then:

  <ol>
   <li>
    Increase <var>pos</var> by 23.

   <li>
    Set <var>RSS-flag</var> to 1.
  </ol>

 <li>
  If the bytes with positions <var>pos</var> to <var>pos</var>+42 in
  <var>s</var> are exactly equal to 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F,
  0x77, 0x77, 0x77, 0x2E, 0x77, 0x33, 0x2E, 0x6F, 0x72, 0x67, 0x2F, 0x31,
  0x39, 0x39, 0x39, 0x2F, 0x30, 0x32, 0x2F, 0x32, 0x32, 0x2D, 0x72, 0x64,
  0x66, 0x2D, 0x73, 0x79, 0x6E, 0x74, 0x61, 0x78, 0x2D, 0x6E, 0x73, 0x23
  respectively (ASCII for "http://www.w3.org/1999/02/22-rdf-syntax-ns#"),
  then:

  <ol>
   <li>
    Increase pos by 42.

   <li>
    Set <var>RDF-flag</var> to 1.
  </ol>

 <li>
  Increase <var>pos</var> by 1.

 <li>
  If both the <var>RDF-flag</var> and the <var>RSS-flag</var> are 1, then let
  the <var>sniffed-type</var> be "application/rss+xml" and abort these steps.

 <li>
  If <var>pos</var> points beyond the end of the byte stream <var>s</var>,
  then continue to step 19 of this algorithm.

 <li>
  Jump back to step 13 of this algorithm.

 <li>
  Let the <var>sniffed-type</var> be "text/html" and abort these steps.
</ol>

<p>
 For efficiency reasons, implementations might wish to implement this
 algorithm and the algorithm for detecting the character encoding of HTML
 documents in parallel.



<h2 class=no-num>References</h2>

<div id=anolis-references></div>



<h2 class=no-num>Acknowledgements</h2>

<p>Thanks to
Alfred Hönes,
Anne van Kesteren,
Boris Zbarsky,
David Singer,
Mark Pilgrim,
and
Russ Cox.

<script id=head src=//www.whatwg.org/specs/web-apps/current-work/dfn.js></script>