What Media Types for Browsing?
Thanks to a comment from “Anon,” I’m auditing the media types used to serve files from the “Browse” links on the site. The browse interface is managed by Plack::App::Directory, which gets its media type mapping from this file. What PGXN::API does is simply change the mappings of some of those types to
text/plain. As of this commit, files are served as plain text if:
- The strings “html”, “x-c”, “xml”, “calendar”, or “vcard” appear in the default media type; or
- The file name extension is one of
Are there other media types that should be disabled for safe browsing of user-submitted content?