To clarify, MIME sniffing can be safe, when implemented correctly as per http://mimesniff.spec.whatwg.org/ . iOS Safari gets it wrong.

@mathias
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@mathias There is no excuse for a browser to render content differently than the sent mime type. Ridiculous. -
@AliceWonder32 All browsers perform MIME sniffing to a certain extent: http://mimesniff.spec.whatwg.org/ I guess iOS Safari implements it incorrectly. - 1 more reply
New conversation -
-
-
@mathias that is not restricted to Safari: http://mimesniff.spec.whatwg.org/ Unless Safari does more than prescribed, of course.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@mathias Hmm, my iPhone 5 Safari doesn't run the script in that demo (something.html). Shows the text file as expected.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.