Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Plain text files in internet explorer

From: Bill Weiss <houdini () nmt edu>
Date: Mon, 2 Sep 2002 10:47:27 -0600
byron(vulndev () glob com au)@Mon, Sep 02, 2002 at 09:15:46AM +0800:

Is it just me or is impossible to have plain text in internet explorer?
http://www.charm.net/~johnh/annoying.txt


http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q239750&ID=KB;EN-US;Q2
39750&FR=1


i find it strange that ie has 26 hard coded tests to determine the mime type
of a document (see
http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker
/overview/appendix_a.asp) with no means to disable these tests except for
text/plain.


Does anyone find some of the examples they use worrying?

(from #5)
"As an example, this is necessary when downloading, among others, .bat and .cmd files, which are plain text files, are 
frequently identified by the server as 'text/plain', and have no associated MIME type in the registry. Without the 
final check for an associated application, these would be displayed in-pane, whereas the desired behavior is to launch 
the command interpreter. "

Of course, any time we look at any potentially executable content, IE
should short-circuit the server's preference of whether it is executed...

-- 
Bill Weiss
Previous By Date Next
Previous By Thread Next

Current thread: