X-Content-Type-Options-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aus Siwecos
Wechseln zu: Navigation, Suche
(Die Seite wurde neu angelegt: „There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than th…“)
 
 
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 1: Zeile 1:
There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the load from so-called [[Drive-by-Download|Drive-by-Download-Attacken]]. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic [[HTML|HTML-Datei]] by the [[Browser]], could infect your computer or other computers with malicious code. For further information on '''X-Content-Type-Options''', please refer to the report by [https://www.golem.de/news/cross-site-scripting-javascript-code-in-bilder- einbetten-1411-110264-2.html Golem.de].
+
There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The [[Header/EN|header]] entry reduces the load from so-called [https://en.wikipedia.org/wiki/Drive-by_download drive-by download attacks]. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic [[HTML|HTML-Datei]] by the [[Browser]], could infect your computer or other computers with malicious code. For further information on '''X-Content-Type-Options''', please refer to the report by [https://www.golem.de/news/cross-site-scripting-javascript-code-in-bilder-einbetten-1411-110264-2.html Golem.de (German only)].

Aktuelle Version vom 8. April 2019, 08:54 Uhr

There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the load from so-called drive-by download attacks. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic HTML-Datei by the Browser, could infect your computer or other computers with malicious code. For further information on X-Content-Type-Options, please refer to the report by Golem.de (German only).