Content Types in browsers, can we use the Mime??

Posted by SoLoGHoST on Stack Overflow See other posts from Stack Overflow or by SoLoGHoST
Published on 2010-05-15T13:42:44Z Indexed on 2010/05/15 13:44 UTC
Read the original article Hit count: 180

Filed under:

mimetypes

|

content-type

Ok, I am wondering which mime types are dangerous in browsers? That is to say setting the Content Type to that mime type?? Which mime types, if any would pose a security risk??

I am noticing that many forum software, when uploading files, use the application/octet-stream for any files other than images and place that into the Content Type of the header. I am wondering why don't they place the actual mime-type instead into the Content Type? Are there security risks involved with this? So far I have used text/css, text/plain, audio/mpeg, and many others and haven't noticed any difference between application/octet-stream and these others.

Does anyone out there know the exact difference, and what makes application/octet-stream any better, or any worse...to use for the Content Type??

Thank You :)

© Stack Overflow or respective owner

Related posts about mimetypes

Where do I find a list of officially supported mimetypes for Android?

as seen on Stack Overflow - Search for 'Stack Overflow'
I found out that on Android contacts, at least HTC Sense stores Facebook ID with the following mimetype: vnd.android.cursor.item/vnd.facebook.profile this differs from their mimetype format such as com.htc.socialnetwork.facebook/smallavatar I am wondering where do I find a list of officially supported… >>> More
Sending most correct mimetype

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have a list of extension to mimetype in a INI file. However some extensions have multiple mimetypes, for example; midi[] = "application/x-midi" midi[] = "audio/midi" midi[] = "audio/x-mid" midi[] = "audio/x-midi" midi[] = "music/crescendo" midi[] = "x-music/x-midi" 6 (possible) mimetypes… >>> More
Do I need to replace localhost in the IIS://localhost/MimeMap when reading the Mimemap

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm reading out the mime types from IIS's MimeMap using the command _mimeTypes = new Dictionary<string, string>(); //load from iis store. DirectoryEntry Path = new DirectoryEntry("IIS://localhost/MimeMap"); PropertyValueCollection PropValues = Path.Properties["MimeMap"]; IISOle.MimeMap MimeTypeObj; foreach… >>> More
How does SimpleWorkerRequest associate MIME types with extensions?

as seen on Stack Overflow - Search for 'Stack Overflow'
I was serving html referencing svg files in Cassini, and having problems since the mime type was not being sent properly. I ended up writing my own port of Cassini that set the extension based on mime type. After a good night of sleep I realized that there might be some sort of registry key or config… >>> More
Override mime type with VS Web Dev Server

as seen on Stack Overflow - Search for 'Stack Overflow'
I would like to serve xbaps from the VS web dev server (cassini) to Firefox, but when served from the dev server, Firefox offers to download this file. As far as I can tell, this is because the dev server is serving the xbap file with a mime type of "application/octet-stream" instead of "application/x-ms-xbap"… >>> More

Related posts about content-type

jax-ws change Content-type to Content-Type because server is hyper sensitive

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to connect to a poorly implemented server that only understands Content-Type(capital-T) and not Content-type. How can I ask my jax-ws client to send Content-Type? I've tried Map<String, List<String>> headers = (Map<String, List<String>>) ((BindingProvider)port).getRequestContext()… >>> More
Plan your SharePoint 2010 Content Type Hub carefully

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Currently setting up a new environment on SharePoint 2010 (which was made available for download yesterday if anyone missed that :-). One of the new features of SharePoint 2010 is to set up a Content Type Hub (which is a part of the Metadata Service Application), which is a hub for all Content Types… >>> More
Apache/2.2.20 (Ubuntu 11.10) gzip compression won't work on php pages, content is chunked

as seen on Server Fault - Search for 'Server Fault'
I'm running into a problem with a new production server whereto I'm transferring projects. The HTML output of the PHP applications isn't compressed by the Apache mod_deflate module. Other resources, as stylesheet and javascript files, even html pages, which are served with the same Content-type (text/html)… >>> More
HTTP Content-Type in ASP.Net SoapHttpClientProtocol

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi there, I have a problem with a Web Service Consumer written in ASP.NET. The error message is: System.InvalidOperationException: Client found response content type of 'application/xml; charset=utf-8', but expected 'text/xml'. The client is based on System.Web.Services.Protocols.SoapHttpClientProtocol… >>> More
WAMP not sending file headers (content-type) correctly

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I cant get a PHP file to send correct headers at my WAMP server. Wouldn't be a problem normally except that is phpMyAdmin that is freaking out right now. Here's the row that the file that merges the css files together in phpmyadmin uses to send the output as CSS. header('Content-Type: text/css;… >>> More