Content Sniffing Attacks in Web Browsers

Abstract

Cross-site scripting defenses often focus on HTML documents, neglecting attacks involving the browser's content sniffing algorithm, which can treat non-HTML content as HTML. Web applications, such as the one that manages this conference, must defend themselves against these attacks or risk authors uploading malicious papers that automatically submit stellar self-reviews. In this paper, we formulate content sniffing attacks and defenses. We study content sniffing attacks systematically by constructing high-fidelity models of the content sniffing algorithms used by four major browsers. We compare these models with web site content filtering policies to construct attacks. To defend against these attacks, we propose and implement a principled content sniffing algorithm that provides security while maintaining compatibility. Our principles have been adopted, in part, by Internet Explorer 8 and, in full, by Google Chrome and the HTML 5 working group.

Results

The signatures contain the MIME signatures used by Internet Explorer 7, Firefox 3, Safari 3.1, Google Chrome, and the HTML 5 specification. You can view these signatures by browser, which displays the signatures for each MIME type used by that browser, or by MIME type, which displays the signatures for each browser for that MIME type.
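
An added example, not code from the paper: a simplified Python model of the mismatch the abstract describes between a site's upload filter and a browser's sniffer, with a stricter filter beside it. The token list, magic prefixes, 512-byte window and all function names are assumptions made for illustration, not the signatures of any browser listed above.

```python
"""Upload-filter check for the filter/sniffer mismatch (illustrative model)."""
import re

# Assumed inspection window; set it to the largest window among the
# browsers you need to cover.
SNIFF_WINDOW = 512
# Constructed, illustrative tag list; each real browser uses its own set.
HTML_TOKENS = re.compile(
    rb"<\s*(!doctype|html|head|body|script|title|iframe|img|table)", re.I)
# Magic prefixes a site might check per declared type (constructed subset).
MAGIC = {
    "application/pdf": b"%PDF-",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8",
}


def naive_filter(data: bytes, declared: str) -> bool:
    """Weak policy: accept when the file starts with the declared magic."""
    magic = MAGIC.get(declared)
    return magic is not None and data.startswith(magic)


def toy_sniffer(data: bytes, declared: str) -> str:
    """Toy sniffer: HTML-looking bytes in the window override the type."""
    if HTML_TOKENS.search(data[:SNIFF_WINDOW]):
        return "text/html"
    return declared


def hardened_filter(data: bytes, declared: str) -> bool:
    """Accept only if the magic matches and no HTML token is in the window."""
    has_html = HTML_TOKENS.search(data[:SNIFF_WINDOW]) is not None
    return naive_filter(data, declared) and not has_html


def audit(data: bytes, declared: str) -> dict:
    """Summarise how each policy and the toy sniffer treat one upload."""
    return {"naive": naive_filter(data, declared),
            "sniffed_as": toy_sniffer(data, declared),
            "hardened": hardened_filter(data, declared)}


# Constructed samples: a plain PDF header and one followed by HTML markup.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
MIXED_PDF = b"%PDF-1.4\n<html><body>placeholder</body></html>\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_PDF), ("mixed", MIXED_PDF)):
        print(name, audit(blob, "application/pdf"))
```

The mixed sample passes the magic-only filter yet is classified as `text/html` by the toy sniffer, which is the gap the hardened filter closes.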