Open
Description
Inspired by Jan Rude and this HackerOne report, the question is how browsers sniff content type.

Say a response when downloading a .tar.gz file contains `Content-Type: application/octet-stream` but with an HTML body like this:

```html
<html><script>alert(0)</script></html>
```

Does the browser interpret this response as a file attachment or an HTML webpage? Certainly the X-Content-Type-Options header is not set.
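The decision the question asks about is specified by the WHATWG MIME Sniffing Standard ("determining the computed MIME type of a resource"). The block below is an added example, not code from the issue, the report or any browser: it implements the parts of that algorithm that matter here (the top-level dispatch, the HTML/XML/PDF pattern rows, the text-or-binary check, and the text/plain "check-for-apache-bug" special case) and omits the image, audio/video and most archive pattern tables as a simplification. The sample bodies are constructed: the issue's HTML payload and the leading bytes of a gzip stream. Under the standard, sniffing for HTML only happens when the Content-Type is missing or one of the unknown types (`unknown/unknown`, `application/unknown`, `*/*`); `application/octet-stream` is passed through unchanged, and `X-Content-Type-Options: nosniff` switches off the scriptable (HTML, XML, PDF) rows even for an unknown type. Browsers have deviated from this in the past (the header exists because of Internet Explorer's sniffing), so the block shows what the standard says, not what every engine has done.

```javascript
// Added example: a subset of the WHATWG MIME Sniffing Standard
// ("determining the computed MIME type of a resource"). Not browser code;
// image/audio/video pattern tables are omitted, only HTML, XML, PDF,
// PostScript, gzip and zip rows are kept. Runs in Node or a browser.

const RESOURCE_HEADER_LEN = 1445;                       // spec: sniff at most this many bytes
const WS = new Set([0x09, 0x0a, 0x0c, 0x0d, 0x20]);     // whitespace the HTML/XML rows may skip
const TAG_TERMINATOR = new Set([0x20, 0x3e]);           // space or ">" must follow the tag name
const UNKNOWN_TYPES = new Set(["unknown/unknown", "application/unknown", "*/*"]);
// Exact Content-Type values that set the spec's "check-for-apache-bug" flag (case-sensitive)
const APACHE_BUG_TYPES = new Set([
  "text/plain", "text/plain; charset=ISO-8859-1",
  "text/plain; charset=iso-8859-1", "text/plain; charset=UTF-8",
]);
// Tag patterns from the "rules for identifying an unknown MIME type" (ASCII case-insensitive)
const HTML_TAGS = ["<!DOCTYPE HTML", "<HTML", "<HEAD", "<SCRIPT", "<IFRAME", "<H1", "<DIV",
  "<FONT", "<TABLE", "<A", "<STYLE", "<TITLE", "<B", "<BODY", "<BR", "<P", "<!--"];

function skipWs(bytes) {
  let i = 0;
  while (i < bytes.length && WS.has(bytes[i])) i++;
  return i;
}

// Exact byte-pattern match at offset 0, optionally ignoring leading whitespace.
function startsWith(bytes, pattern, ignoreLeadingWs = false) {
  const start = ignoreLeadingWs ? skipWs(bytes) : 0;
  if (bytes.length - start < pattern.length) return false;
  for (let j = 0; j < pattern.length; j++) {
    if (bytes[start + j] !== pattern.charCodeAt(j)) return false;
  }
  return true;
}

// HTML rows: leading whitespace skipped, a-z folded to A-Z, then a tag-terminating byte.
function matchesHtmlTag(bytes, tag) {
  const start = skipWs(bytes);
  if (bytes.length - start < tag.length + 1) return false;
  for (let j = 0; j < tag.length; j++) {
    let b = bytes[start + j];
    if (b >= 0x61 && b <= 0x7a) b -= 0x20;
    if (b !== tag.charCodeAt(j)) return false;
  }
  return TAG_TERMINATOR.has(bytes[start + tag.length]);
}

// "binary data byte" as defined by the standard
function isBinaryByte(b) {
  return b <= 0x08 || b === 0x0b || (b >= 0x0e && b <= 0x1a) || (b >= 0x1c && b <= 0x1f);
}

// "rules for distinguishing if a resource is text or binary"
function sniffTextOrBinary(bytes) {
  if (startsWith(bytes, "\xfe\xff") || startsWith(bytes, "\xff\xfe") || startsWith(bytes, "\xef\xbb\xbf")) {
    return "text/plain";                                // UTF-16BE / UTF-16LE / UTF-8 BOM
  }
  return bytes.some(isBinaryByte) ? "application/octet-stream" : "text/plain";
}

// "rules for identifying an unknown MIME type"; sniffScriptable is the inverse of nosniff
function sniffUnknownType(bytes, sniffScriptable) {
  if (sniffScriptable) {
    if (HTML_TAGS.some((tag) => matchesHtmlTag(bytes, tag))) return "text/html";
    if (startsWith(bytes, "<?xml", true)) return "text/xml";
    if (startsWith(bytes, "%PDF-")) return "application/pdf";
  }
  if (startsWith(bytes, "%!PS-Adobe-")) return "application/postscript";
  if (startsWith(bytes, "\x1f\x8b\x08")) return "application/x-gzip";
  if (startsWith(bytes, "PK\x03\x04")) return "application/zip";
  return sniffTextOrBinary(bytes);
}

// Top-level algorithm. contentType is the raw Content-Type header value (undefined when absent);
// nosniff is true when the response carried X-Content-Type-Options: nosniff.
function computedMimeType({ contentType, nosniff = false, body }) {
  const header = body.subarray(0, RESOURCE_HEADER_LEN);
  const essence = contentType === undefined
    ? undefined : contentType.split(";")[0].trim().toLowerCase();
  if (essence === undefined || UNKNOWN_TYPES.has(essence)) {
    return sniffUnknownType(header, !nosniff);
  }
  if (nosniff) return essence;
  if (APACHE_BUG_TYPES.has(contentType)) return sniffTextOrBinary(header);
  // text/html feed detection and image/audio/video refinement omitted here; everything
  // else, application/octet-stream included, keeps the supplied type unchanged.
  return essence;
}

// Constructed sample bodies: the issue's HTML payload and the first bytes of a gzip stream.
const HTML_BODY = new TextEncoder().encode("<html><script>alert(0)</script></html>");
const GZIP_BODY = new Uint8Array([0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00]);

console.log("octet-stream + HTML body ->",
  computedMimeType({ contentType: "application/octet-stream", body: HTML_BODY }));
console.log("no Content-Type + HTML body ->", computedMimeType({ body: HTML_BODY }));
console.log("no Content-Type + nosniff  ->", computedMimeType({ nosniff: true, body: HTML_BODY }));
```

The two results worth comparing are the first and second lines the block prints: the same body is `application/octet-stream` when the server labels it that way and `text/html` only when the server sends no usable type. The `text/plain` handling also shows how narrow the "apache bug" exception is: the header value must match one of four exact strings, so `text/plain; charset=utf-8` is not resniffed.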