Web/browser-security maven and coder Adam Barth has been working on implementing a content sniffer in WebKit, based on a content-sniffing algorithm that was originally specified in the HTML5 draft, but that’s now specified as a separate IETF draft that Adam is editing, titled Content-Type Processing Model.
WebKit applications/ports for particular platforms all currently need to rely on platform-specific content-sniffer code outside of WebKit. There are some reasons why it’s a good idea to do things that way — but there are also some good reasons not to; as Adam notes, doing things that way runs the risk of creating compatibility and security differences among various WebKit ports. So implementing a content-sniffer in WebKit itself will eliminate those differences.
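To make the risk of port-to-port differences concrete, here is an added example (not WebKit code and not the algorithm from the IETF draft) that runs the same responses through two sniffers and reports where they disagree. The two "ports", their rules, the function names and the sample responses are all hypothetical and constructed for illustration.

```javascript
// Added illustration: two hypothetical port-specific sniffers, not WebKit code
// and not the algorithm from the IETF draft.

// Byte signatures both ports recognise (well-known magic numbers).
const MAGIC = [
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] },             // "GIF8"
  { type: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
];

function matchMagic(body) {
  const hit = MAGIC.find(m => m.bytes.every((b, i) => body[i] === b));
  return hit ? hit.type : null;
}

// Hypothetical port A: trusts a declared type, sniffs only when none is given.
function sniffPortA(declared, body) {
  if (declared) return declared;
  return matchMagic(body) || 'application/octet-stream';
}

// Hypothetical port B: also second-guesses text/plain, looking for markup
// after leading whitespace and then for magic numbers.
function sniffPortB(declared, body) {
  if (declared && declared !== 'text/plain') return declared;
  const head = body.toString('latin1', 0, 512).trimStart().toLowerCase();
  if (head.startsWith('<!doctype html') || head.startsWith('<html')) return 'text/html';
  return matchMagic(body) || declared || 'application/octet-stream';
}

// Differential check: every sample on which the two ports disagree.
function findDivergences(samples) {
  return samples
    .map(s => ({ name: s.name, a: sniffPortA(s.declared, s.body), b: sniffPortB(s.declared, s.body) }))
    .filter(r => r.a !== r.b);
}

// Constructed sample responses (declared Content-Type plus first body bytes).
const SAMPLES = [
  { name: 'plain note', declared: 'text/plain', body: Buffer.from('meeting at noon\n') },
  { name: 'markup served as text', declared: 'text/plain', body: Buffer.from('  <HTML><body>hi</body>') },
  { name: 'unlabelled png', declared: null, body: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0]) },
  { name: 'gif labelled as text', declared: 'text/plain', body: Buffer.from('GIF89a....') },
];

for (const r of findDivergences(SAMPLES)) console.log(`${r.name}: port A=${r.a}, port B=${r.b}`);
```

A site that serves user uploads as `text/plain` would be treated as serving inert text by one port and renderable markup by the other, which is the kind of gap a single shared sniffer removes.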
About content sniffing
The open Web platform has evolved with a number of messy, infamous (mis)features; chief among those is content-type sniffing — a mechanism that has earned a particularly exceptional amount of disdain from a certain faction of ideologists who tend to favor a more Antonin Scalia/Clarence Thomas-style of absolutist, original-intent adjudication for solving issues with Web-protocol standards.
One thing they don’t seem to realize is the rest of us don’t like content-type sniffing much either. In a perfect realization of Web-protocol standards, content-type sniffing would have no place. But the Web that exists in practice is in fact a deeply imperfect realization of standards. Some of those who lean more toward original-intent ideology in this area seem unable to accept the fact that’s the way the Web really is, and always will be — and discussions about the topic in public fora often tend to sound a bit like discussions between (depending on your point of view) either:
- reactionary hard-liners on the one side, and seasoned practitioners of realpolitick on the other; or
- principled defenders of the rule of law on the one side, and misguided advocates for appeasement on the other
Those who fall into the second group (practitioners of realpolitick or advocates for appeasement, depending on your point of view) are resigned to the view that because the actual Web in practice has evolved with a place for content-type sniffing behavior (however unsavory that place may be), we need to specify and implement that behavior in a standard way across browsers — so that at least we can have UAs behaving in an interoperable manner with regard to it.
June 23rd, 2009 at 3:35 pm
Thumbs up on the content, but please look into making some improvements to your writing style. You’re writing about web technology, which is a very international topic - not everyone in your audience will be familiar with Scalia and Thomas and their policies, making them an awkward analogy. Also, later you use the imported-from-German term “Realpolitik” a few times (but misspell it as “Realpolitick”) which has a bad “look at me, I know fancy words” vibe to me (and I actually am German).
Good writing is simple, clear writing. Don’t try so hard to prove you’re a smart guy by way of the language you use.
Sorry if I’m smartassing here myself, but actually like the focus of your blog (a good commentary on what’s going on in the WebKit world is something I’ve been looking for) and would like to see it become an even better resource for even more people.
June 23rd, 2009 at 3:36 pm
(“but actually” should’ve been “but I actually” in the first comment.)
July 13th, 2009 at 3:47 pm
Agree about dumping the politics references; they’re not relevant to the topic at hand and only distract, and they set up a strawman that philosophies of interpretation of constitutions and of laws are necessarily applicable and should be applied to technical standards and industry agreements. Most important, I don’t think most people (particularly not people who have actually given both areas more than cursory thought) would actually believe this to be the case. Assuming arguendo that they do, however, I think salient and differentiating features of government and the legal system can arguably be said to preclude the rationales for “deviation” from technical standards.
This particular matter also raises questions about whether shipping one’s own libraries (or copies of platform libraries) is really about not-invented-here-ness or rather about security and cross-platform consistency, a topic which I have raised once before on my own site in a partly-serious, partly-snarky way. I don’t feel a strong need to provide my own substantial analysis at the moment, so I leave it to the reader to consider the implications for himself.