By Anonymous Coward Posted Monday 9th March 2009 12:20 GMT
"you are sadly mistaking (sic) about the browser not being at fault"
What you mean is :
"I did something stupid and the browser didn't fix it for me! Wah!"
It is NOT the browser's fault that you have chosen to implement something which is inherently insecure. I sincerely hope you aren't a web developer, because I wouldn't want you working for me.
Thanks for proving my point with that reply.
As a side note I did not claim the browser should 'fix' anything, I said "Failing to validate the source is not done in today's world.".
An extension like NoScript allows the user a chance to validate the source before executing the content. This is a function that could be integrated into the browser itself, and would be a sane addition to the already in-place systems for checking the sources of remote images and cookies.
As for not wanting me working for you, i'm quite content not working for your kind of narrow-minded Neanderthals.
@Wortel the monkey
By Anonymous Coward Posted Tuesday 10th March 2009 08:47 GMT
here's your peanuts. CSS is not a plain text file, it is served as text/css. See, this is the problem we have people without a clue thinking they know what is going on, Wortel is one of them.
I suppose I should thank you for trying to poison me then, as I am allergic to peanuts.
While we are on the subject of ill-thought-through actions, let's address your reply.
A style sheet has been and always will be a plain text file. The only thing you assume correctly is that it is -served- as text/css, but it is still the same plain text file after being transferred to the client. We call that description, 'text/css', a MIME type. You'll find it in Apache's server configuration if you know where to look. You do know where to look, do you?.
You can easily reconfigure Apache to mark a different file as 'text/css' if you wanted. Do we do that? no, we don't. Do we want to? Maybe, in the future.
It doesn't process the file in any other way, that's the job of the web browser.
But I suppose you want to blame the webserver now for handing out style sheets? Go ahead.
In a way I should thank you, for the ignorance of your kind like previous AC keeps people like me whom apparently are "people without a clue thinking they know what is going on" employed, paid and happy. Well scratch the happy part, supporting trolls like yourself should be rewarded with the keys to the armoury.