[wp-trac] [WordPress Trac] #64427: Implement WHATWG MIME Sniffing

WordPress Trac noreply at wordpress.org
Thu Dec 18 02:37:49 UTC 2025


#64427: Implement WHATWG MIME Sniffing
-------------------------+------------------------------
 Reporter:  dmsnell      |       Owner:  dmsnell
     Type:  enhancement  |      Status:  assigned
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  General      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+------------------------------
Description changed by dmsnell:

Old description:

> WordPress interacts with MIME media types in a number of places in ad-hoc
> ways. These tend to perform unique parsing, which means they lack
> consistency and correspondence with how browsers parse MIME types.
>
> For reference, the MIME media type is often derived from the HTTP
> `Content-Type` header, which contains a type, a subtype, and an optional
> list of parameters. A common example is `text/html` indicating HTML,
> `image/png` indicating a PNG image, and `application/xhtml+xml`
> indicating the XML serialization of HTML.
>
> Discrepancies arise when the supplied type string doesn’t match exactly
> the anticipated forms. For example, with parameters or whitespaces:
>
>  - `text/html; charset=utf8`
>  - `text/plain ;   charset="utf-8;iso-2022-jp`
>
> For reliable, consistent, and secure parsing, WordPress should implement
> the [https://mimesniff.spec.whatwg.org WHATWG MIME Sniffing
> specification], which the browsers will implement. This will ensure
> agreement between the server and clients on what content type strings
> refer to which media types.
>
> The MIME Sniffing specification governs `Content-Type` values //and
> also// a limited number of media types from files based on byte sequences
> in the “resource header” — the first 1445 bytes of the binary data. These
> binary sniffs are mostly limited to media types relevant to browsers.
>
> == Related tickets
>
>  - #40175 Inferred MIME types from files inconsistent.
>  - #45670 sniffing MIME media types based on different rules than a
> browser would use

New description:

 WordPress interacts with MIME media types in a number of places in ad-hoc
 ways. These tend to perform unique parsing, which means they lack
 consistency and correspondence with how browsers parse MIME types.

 For reference, the MIME media type is often derived from the HTTP
 `Content-Type` header, which contains a type, a subtype, and an optional
 list of parameters. A common example is `text/html` indicating HTML,
 `image/png` indicating a PNG image, and `application/xhtml+xml` indicating
 the XML serialization of HTML.

 Discrepancies arise when the supplied type string doesn’t match exactly
 the anticipated forms. For example, with parameters or whitespaces:

  - `text/html; charset=utf8`
  - `text/plain ;   charset="utf-8;iso-2022-jp`

 For reliable, consistent, and secure parsing, WordPress should implement
 the [https://mimesniff.spec.whatwg.org WHATWG MIME Sniffing
 specification], which the browsers will implement. This will ensure
 agreement between the server and clients on what content type strings
 refer to which media types.

 The MIME Sniffing specification governs `Content-Type` values //and also//
 a limited number of media types from files based on byte sequences in the
 “resource header” — the first 1445 bytes of the binary data. These binary
 sniffs are mostly limited to media types relevant to browsers.

 == Ad-hoc parsers

  - `wp_finalize_template_enhancement_output_buffer` in `template.php`
  - `wp_mail` in `pluggable.php`
  - Global code in `wp-mail.php`
  - `wp_staticize_emoji_for_email` in `formatting.php`
  - `download_url` in `wp-admin/includes/file.php`
  - `discover_pingback_server_uri` in `comment.php`
  - `do_enclose` in `functions.php`
  - `get_file_extension_by_mime_type` in

 == Related tickets

  - #40175 Inferred MIME types from files inconsistent.
  - #45670 sniffing MIME media types based on different rules than a
 browser would use

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64427#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
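
The parsing discrepancy described in the ticket, as an added example that is not part of the ticket or of WordPress core: a compact PHP rendering of the WHATWG "parse a MIME type" steps, run over the two header values quoted above and printed beside a naive split on `;`. The function and constant names are hypothetical, and the input is assumed to be a byte string.

```php
<?php // Added example, not WordPress core code; names are hypothetical, input is treated as bytes.
const HTTP_WS = "\t\n\r ";
const TOKEN   = '/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+$/D'; // HTTP token code points.
const QVALUE  = '/^[\t\x20-\x7E\x80-\xFF]*$/D';        // HTTP quoted-string token code points.
function parse_mime_type( string $input ): ?array {
	$input = trim( $input, HTTP_WS );
	$len   = strlen( $input );
	$slash = strcspn( $input, '/' );
	if ( $slash >= $len ) { return null; } // No "/" separator.
	$at      = $slash + 1 + strcspn( $input, ';', $slash + 1 );
	$type    = substr( $input, 0, $slash );
	$subtype = rtrim( substr( $input, $slash + 1, $at - $slash - 1 ), HTTP_WS );
	if ( ! preg_match( TOKEN, $type ) || ! preg_match( TOKEN, $subtype ) ) { return null; }
	$params = array();
	while ( $at < $len ) {
		$at  += 1 + strspn( $input, HTTP_WS, $at + 1 ); // Skip ";" and leading whitespace.
		$n    = strcspn( $input, ';=', $at );
		$name = strtolower( substr( $input, $at, $n ) );
		$at  += $n;
		if ( $at < $len && ';' === $input[ $at ] ) { continue; } // Name without a value.
		if ( ++$at >= $len ) { break; }                          // Nothing follows the "=".
		if ( '"' === $input[ $at ] ) {
			$value = '';
			$at++;
			while ( $at < $len ) {
				$n      = strcspn( $input, '"\\', $at );
				$value .= substr( $input, $at, $n );
				$at    += $n;
				if ( $at >= $len || '"' === $input[ $at++ ] ) { break; } // Unterminated, or closing quote.
				$value .= $at < $len ? $input[ $at++ ] : '\\';           // Backslash escape.
			}
			$at += strcspn( $input, ';', $at ); // Ignore anything up to the next ";".
		} else {
			$n     = strcspn( $input, ';', $at );
			$value = rtrim( substr( $input, $at, $n ), HTTP_WS );
			$at   += $n;
			if ( '' === $value ) { continue; }
		}
		if ( preg_match( TOKEN, $name ) && preg_match( QVALUE, $value ) && ! isset( $params[ $name ] ) ) {
			$params[ $name ] = $value; // First occurrence of a parameter wins.
		}
	}
	return array( 'essence' => strtolower( "$type/$subtype" ), 'params' => $params );
}
// The two header values from the ticket description: naive split first, spec parse second.
foreach ( array( 'text/html; charset=utf8', 'text/plain ;   charset="utf-8;iso-2022-jp' ) as $header ) {
	echo json_encode( array_map( 'trim', explode( ';', $header ) ), JSON_UNESCAPED_SLASHES ), "\n";
	echo json_encode( parse_mime_type( $header ), JSON_UNESCAPED_SLASHES ), "\n";
}
```

For the second value the naive split yields a `charset="utf-8` fragment and a stray `iso-2022-jp` fragment, while the WHATWG steps yield `text/plain` with a single `charset` parameter of `utf-8;iso-2022-jp`.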

