*Today web browsers, code editors, and countless other software rely on file-typ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		userbinator on Feb 16, 2024 \| parent \| context \| favorite \| on: Magika: AI powered fast and efficient file type id... Today web browsers, code editors, and countless other software rely on file-type detection to decide how to properly render a file. "web browsers"? Odd to see this coming from Google itself. https://en.wikipedia.org/wiki/Content_sniffing was widely criticised for being problematic for security.

rafram on Feb 16, 2024 [–]

Content sniffing can be disabled by the server (X-Content-Type-Options: nosniff), but it’s still used by default. Web browsers have to assume that servers are stupid, and that for relatively harmless cases, it’s fine to e.g. render a PNG loaded by an <img> even if it’s served as text/plain.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact