OT: IE6 appears to fix mime-type bug (was Re: New Python WebMail app)

[Peter Hansen]

Alex Martelli wrote:
> 
> "Roman Suzi" <rnd at onego.ru> wrote:
[...]
> >  --====_ABC1234567890DEF_====
> >  Content-Type: audio/x-wav;
> >          name="NIMDA.exe"
> >  Content-Transfer-Encoding: base64
> >  Content-ID: <EA4DMGBP9p>
> >
> > ...
> >
> > I hope, Mozilla will NEVER support such a "feature"!
> 
> You're *HOPING* that Mozilla NEVER supports the W3 standards?!
> 
> Of course, given a content-type of audio/x-wav, the browser (no
> matter how that content-type gets to it -- IFRAME, OBJECT, FRAME
> in a frameset, or any other way yet) should handle it appropriately
> (it's a well-known, long-standing bug in IE that file associations
> for the "extension" override mime-types -- I'm not sure if the bug
> has been fixed in IE6, since many badly-coded sites may rely on
> the bug being present, supplying wrong mime-types).  

Sorry to post off-topic, but this issue just caused to much
trouble I thought it worth the inconvenience:

Yesterday, as a result of Nimda, we experimented with IE6
specifically to see if it fixed this problem.  Unlike previous
versions, IE6 would launch Media Player as though the file
were an "audio/x-wav", rather than execute it as an ".exe"
when presented with the Nimda attachment (when in the form
of an Outlook .eml file).  I can't say for sure it also does
the same with the above referenced web page (IFRAME), but
one would assume it does.

Along with their apparently improved appreciation of the 
value of following standards, Microsoft _may_ actually be
starting to improve their understanding of security issues.
(Or more likely they just removed one of the fifteen 
thousand outstanding security problems in IE...)  At least
in this case, they seem finally to be putting compliance with
standards over compatibility with legacy "badly-code sites 
[which] may rely on the bug being present".

-- 
----------------------
Peter Hansen, P.Eng.
peter at engcorp.com