On Wed, 2011-08-10 at 17:39 +0200, Daniel Friesen
wrote:
MediaWiki does not permit this because allowing
random people to create
pages and have them returned to a user with a text/html or other
mimetype creates XSS vectors and ways of distributing malware.
Yes, I that is right, but I suppose that "text/csv" mimetype would be
safe?
/Finn
It _seems_ to be safe, both looking at the Media Type Sniffing
specification, and our IEContentAnalyzer rewritten from the dread IE
sniffing.