* Jorge Arellano Cid (jcid@dillo.org):
Hi there!
The new dillo-0.8.6-rc3 tarball is ready for download. Get it from:
Compiles and works on FreeBSD 4, 5, and 6 with and without downloads.dpi.
Finally I decided to include a big patch for the MIME type detection and its handling. This is an important change in the way Dillo treats its incoming files (HTTP streams).
The point: as this release comes with a new downloads GUI, and downloads are mainly the focus, I disliked the situation where a Web server "lied" with regard to the Content/Type of a file.
I am not too happy with this. As already pointed out on this list, mp3's will be treated as test because they start with "ID3". There may be other interesting cases: When I first read your post, I immediately thought of Windows' Explorer and the WMF vulnerability - no matter how you named a WMF file, it would always be rendered as if it were named .wmf, completely breaking Windows POLA where the extension of a file is authoritative. You might open an interesting backdoor with content sniffing applications. Is is possible to make this a compile time/runtime option somehow, defaulting to disabled?