Using Bugzilla to hide spam sites

Gervase Markham gerv at mozilla.org
Tue May 15 11:49:52 UTC 2007


Max Kanat-Alexander wrote:
> 	Oh, I see. So they can still attach the thing, it just shows
> up as text/plain until they set it otherwise.
> 
> 	Would we do that by setting a list of "dangerous" types? I
> think that might be a bit hard to make/maintain. But it could probably
> be done.

It wouldn't be all that hard to maintain. The list of 
browser-displayable, scriptable types doesn't change all that often.

Of course, instead of a blacklist, we could have a whitelist. Perhaps 
text/plain, application/zip, application/octet-stream and a few others.

Alternatively, we could invent our own MIME types, 
application/x-bugzilla-upload-text and 
application/x-bugzilla-upload-binary, which was set on all uploads from 
non-permissioned people by default. When actually serving it, we'd 
detect IE and serve Content-Disposition: attachment, and detect Firefox 
and use text/plain or application/octet-stream.

Would something like this fly?

Or should we just accept this as a fact of life?

Gerv



More information about the developers mailing list