Well I am presuming that no website is intentionally creating a bogus file. So I am presuming the bogus content originated from a malicious user. This allows the violation to be handled at the moment it is occuring rather than much later.
Probably the best solution would be some hook that that would allow file validation, and on the fly processing. Looking at the upload docs, it looks like it would be best if some real design thought went in to any solution so it is more than just a adhoc 1-off. -Pat On 5/1/07, Jesse Kuhnert <[EMAIL PROTECTED]> wrote:
Isn't this for the reverse situation though, serving files? Most browsers should be able to tell you what they think the mime type is for incoming files though....I guess that could be exposed in the Upload interface if it's not already.. On 5/1/07, Patrick Moore <[EMAIL PROTECTED]> wrote: > > I am just thinking of the upload component having the ability to notify a > method that the file uploaded looks like an HTML as far as IE is > concerned. > It would be a tool against someone abusing a tapestry-based website. > Fixing > the file or anything else is far beyond my thinking. > > On 5/1/07, Jesse Kuhnert <[EMAIL PROTECTED]> wrote: > > > > I always set the "Content-Disposition: attachment" in my header fields > of > > services returning file data anyways because of related reasons. I don't > > think tapestry can do this for anyone but maybe I'm wrong. > > > > On 5/1/07, Patrick Moore <[EMAIL PROTECTED]> wrote: > > > > > > Hi there -- > > > > > > Brief blog post summarizing yet another 'wonderful' IE idea - MIME > > > sniffing > > > (is this like glue sniffing?) > > > > > > > > > > > > > > > http://www.sworddance.com/blog/2007/05/01/what-the-hell-were-they-thinking/ > > > > > > How reasonable would it be for tapestry to have some way of flagging > an > > > uploaded file that looked like it was pulling this stunt? Obviously > > doing > > > something about it is way beyond what tapestry should do? > > > > > > -Pat > > > > > > > > > > > -- > > Jesse Kuhnert > > Tapestry/Dojo team member/developer > > > > Open source based consulting work centered around > > dojo/tapestry/tacos/hivemind. http://blog.opencomponentry.com > > > -- Jesse Kuhnert Tapestry/Dojo team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind. http://blog.opencomponentry.com
