mmcd79@tampabay.rr.com
07-09-2005, 10:09 PM
I just found out the hardware that XP SP2 has enabled a security
function that prevents unknown file types from being rendered base on
their "content type". At least this is how I read the information.
I'm confused on something though. I hope someone can help me
understand.
Here's my issue first:
I had a file generated, and in it, the content type was listed as
"text/html". The file was created locally from a webserver and it was
created in my c:\temp directory with a name.extension of
viewfile.8859-1 I don't know why they named the file that.
Anyway my sp2 machine cannot open this file using internet explorer.
It just renders the page as text only, so I see all the html tags.
(per the microsoft information about it's new MIME_SNIFFING feature
being disabled by default this seems ok). I change a registry key to
disable this security function and all works fine. I also had the
choice of renaming the file to an extension that iexplore understood,
i.e. *.htm. Great. Problem solved.
My "confusion" comes with the self-found anomalies prior to finding
this new security feature documentation. If I took that file that I
could not open, and copied it to some network location (i.e. a share on
another computer, or one of my network drives) I could open the file
without any problem at all without having to rename the file or make
the previously mentioned registry edit.
How is it that mime sniffing is enabled, but only for the local
machine? If the file is hosted elsewhere, the mime_sniffing seems to
work unhindered.
Bug on Microsoft's behalf maybe? Am I just missing something?
Test for yourself. Create a text document with the following lines:
<html>
<body>Test</body>
</html>
Save it with an unknown file extension i.e. filename.htmfile
Try to open it. Choose a program when prompted and choose internet
explorer. (make sure you uncheck the "always use this program to open"
box, as it will cause the file to not be able to open at all). It will
open and you will see the html tags within the iexplore window. Rename
the file to a known extension, i.e. filename.htm and then open it. All
works fine.
function that prevents unknown file types from being rendered base on
their "content type". At least this is how I read the information.
I'm confused on something though. I hope someone can help me
understand.
Here's my issue first:
I had a file generated, and in it, the content type was listed as
"text/html". The file was created locally from a webserver and it was
created in my c:\temp directory with a name.extension of
viewfile.8859-1 I don't know why they named the file that.
Anyway my sp2 machine cannot open this file using internet explorer.
It just renders the page as text only, so I see all the html tags.
(per the microsoft information about it's new MIME_SNIFFING feature
being disabled by default this seems ok). I change a registry key to
disable this security function and all works fine. I also had the
choice of renaming the file to an extension that iexplore understood,
i.e. *.htm. Great. Problem solved.
My "confusion" comes with the self-found anomalies prior to finding
this new security feature documentation. If I took that file that I
could not open, and copied it to some network location (i.e. a share on
another computer, or one of my network drives) I could open the file
without any problem at all without having to rename the file or make
the previously mentioned registry edit.
How is it that mime sniffing is enabled, but only for the local
machine? If the file is hosted elsewhere, the mime_sniffing seems to
work unhindered.
Bug on Microsoft's behalf maybe? Am I just missing something?
Test for yourself. Create a text document with the following lines:
<html>
<body>Test</body>
</html>
Save it with an unknown file extension i.e. filename.htmfile
Try to open it. Choose a program when prompted and choose internet
explorer. (make sure you uncheck the "always use this program to open"
box, as it will cause the file to not be able to open at all). It will
open and you will see the html tags within the iexplore window. Rename
the file to a known extension, i.e. filename.htm and then open it. All
works fine.