Finn Årup Nielsen wrote:
On Wed, 2011-08-10 at 17:39 +0200, Daniel Friesen wrote:
MediaWiki does not permit this because allowing random people to create pages and have them returned to a user with a text/html or other mimetype creates XSS vectors and ways of distributing malware.
Yes, I that is right, but I suppose that "text/csv" mimetype would be safe?
/Finn
It _seems_ to be safe, both looking at the Media Type Sniffing specification, and our IEContentAnalyzer rewritten from the dread IE sniffing.