Skip to content

0xDE57/mimeTypeCheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README.md
README.md
 
 
screenshot.png
screenshot.png
 
 
test.gif
test.gif
 
 
testload.html
testload.html
 
 

Repository files navigation

File uri MIME type check

The file test.gif has some javascript appended to the end of the file. screenshot

It is executed when loaded as a script:

<script src="test.gif"></script>
  1. Download folder locally and open testload.html in a browser.
  2. If you get a javascript alert, your browser did not enforce MIME type check before executing the .gif

Check console for error message.

Chrome:
Refused to execute script from '.../test.gif' because its MIME type ('image/gif') is not executable.

Firefox:
Loading script from file: URI (“.../test.gif”) was blocked because its MIME type (“image/gif”) is not a valid JavaScript MIME type.

To fix on Firefox:

  1. goto about:config
  2. set property security.block_fileuri_script_with_wrong_mime to true

About

No description or website provided.

Topics

mime mime-type

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Contributors

Languages