Using Bugzilla to hide spam sites
gerv at mozilla.org
Tue May 15 11:49:52 UTC 2007
Max Kanat-Alexander wrote:
> Oh, I see. So they can still attach the thing, it just shows
> up as text/plain until they set it otherwise.
> Would we do that by setting a list of "dangerous" types? I
> think that might be a bit hard to make/maintain. But it could probably
> be done.
It wouldn't be all that hard to maintain. The list of
browser-displayable, scriptable types doesn't change all that often.
Of course, instead of a blacklist, we could have a whitelist. Perhaps
text/plain, application/zip, application/octet-stream and a few others.
Alternatively, we could invent our own MIME types,
application/x-bugzilla-upload-binary, which was set on all uploads from
non-permissioned people by default. When actually serving it, we'd
detect IE and serve Content-Disposition: attachment, and detect Firefox
and use text/plain or application/octet-stream.
Would something like this fly?
Or should we just accept this as a fact of life?
More information about the developers