X-Content-Type-Options-Vulnerability/EN/Background: Difference between revisions

From Siwecos
(The page was newly created: „There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than th…“)
 
Line 1: Line 1:
There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the load from so-called [[Drive-by-Download|Drive-by-Download-Attacken]]. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic [[HTML|HTML-Datei]] by the [[Browser]], could infect your computer or other computers with malicious code. For further information on '''X-Content-Type-Options''', please refer to the report by [https://www.golem.de/news/cross-site-scripting-javascript-code-in-bilder- einbetten-1411-110264-2.html Golem.de].
+
There is only one definable value "nosniff", which prevents the Internet Explorer and Google Chrome from searching for other possible MIME types, other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the load from so-called [https://en.wikipedia.org/wiki/Drive-by_download drive-by download attacks]. Websites with support for uploading files which, if the names are chosen skillfully, will be treated as executable files or as dynamic [[HTML|HTML-Datei]] by the [[Browser]], could infect your computer or other computers with malicious code. For further information on '''X-Content-Type-Options''', please refer to the report by [https://www.golem.de/news/cross-site-scripting-javascript-code-in-bilder-einbetten-1411-110264-2.html Golem.de (German only)].
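Review bot: the added line still labels the wiki link as `[[HTML|HTML-Datei]]`, which renders as German text on this English page; change the label to `[[HTML|HTML file]]` and check that `[[Browser]]` points at an English target as well. The phrase "prevents the Internet Explorer" is carried over unchanged and should read "prevents Internet Explorer". The Golem.de URL no longer contains the space that the removed line had inside "bilder- einbetten", and the "(German only)" marker is a helpful addition.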

Revision as of 6 February 2019, 14:56

There is only one definable value, "nosniff", which prevents Internet Explorer and Google Chrome from searching for possible MIME types other than the declared Content-Type (for example text/html). For Chrome this also applies to downloading extensions. The header entry reduces the exposure to so-called drive-by download attacks. Websites that support file uploads could infect your computer or other computers with malicious code, because uploaded files whose names are chosen skillfully may be treated by the browser as executable files or as dynamic HTML files. For further information on X-Content-Type-Options, please refer to the report by Golem.de (German only).
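The following added example (not part of the original page and not Siwecos code) audits response headers for the setting described above: the single valid value "nosniff" together with a declared Content-Type. The function names and sample headers are constructed for illustration, and the code assumes, following the Fetch standard, that only the first X-Content-Type-Options value counts and that it is compared case-insensitively.

```python
"""Audit HTTP response headers for X-Content-Type-Options (added example)."""

# Constructed sample responses as (header name, value) pairs; not from a real site.
SAMPLES = {
    "ok": [("Content-Type", "image/png"), ("X-Content-Type-Options", "nosniff")],
    "missing": [("Content-Type", "image/png")],
    "typo": [("Content-Type", "image/png"), ("X-Content-Type-Options", "no-sniff")],
    "mixed_case": [("content-type", "text/html"), ("x-content-type-options", "NoSniff")],
    "no_type": [("X-Content-Type-Options", "nosniff")],
    "bad_first": [("Content-Type", "text/html"),
                  ("X-Content-Type-Options", "foo"),
                  ("X-Content-Type-Options", "nosniff")],
}


def header_values(headers, name):
    """Collect all values of a header, case-insensitively, split on commas."""
    values = []
    for key, raw in headers:
        if key.strip().lower() == name.lower():
            values.extend(part.strip() for part in raw.split(","))
    return values


def audit_nosniff(headers):
    """Return a list of findings; an empty list means the response is fine."""
    findings = []
    xcto = header_values(headers, "X-Content-Type-Options")
    if not xcto:
        findings.append("missing X-Content-Type-Options")
    elif xcto[0].lower() != "nosniff":
        # Assumption: as in the Fetch standard, only the first value is honoured.
        findings.append("first value is %r, expected 'nosniff'" % xcto[0])
    ctype = header_values(headers, "Content-Type")
    if not ctype or not ctype[0]:
        # nosniff pins the browser to the declared type, so one must be declared.
        findings.append("no Content-Type declared")
    return findings


if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, audit_nosniff(hdrs) or "OK")
```

The "bad_first" case shows why a duplicated header is worth flagging: a stray first value disables the protection even though "nosniff" appears later.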