JavaScript inside a ".watermelons" file: http://goo.gl/8ZUvrm
-
-
Replying to @ImpressiveWebs
@ImpressiveWebs The browser executes a "text/plain" file linked via <script src>? That doesn't sound right.1 reply 0 retweets 0 likes -
Replying to @simevidas
@simevidas I don't think it's "text/plain". Why do you say that? I think it assumes JavaScript by default.@mathias must know. :)1 reply 0 retweets 0 likes -
Replying to @ImpressiveWebs
@ImpressiveWebs@mathias The HTTP response header:pic.twitter.com/kTUm6WOGg3
2 replies 0 retweets 0 likes -
Replying to @simevidas
@simevidas Fair enough. But what about the "js" file (no ext) on mths.be? Why does that execute as "application/javascript" and not plain?1 reply 0 retweets 0 likes -
Replying to @ImpressiveWebs
@ImpressiveWebs The server is configured to respond with a "application/javascript" header when "/js" is accessed.1 reply 0 retweets 0 likes -
Replying to @simevidas
@ImpressiveWebs IMO "application/javascript" and "text/javascript" resources inside <script src> should execute, but "text/plain" shouldn't2 replies 0 retweets 0 likes -
Replying to @simevidas
@simevidas Yeah, that's what I figured. Notably,@mathias wasn't surprised that ".watermelons" works: http://goo.gl/mfsPqG [...]1 reply 0 retweets 0 likes -
Replying to @ImpressiveWebs
@ImpressiveWebs@mathias Did a quick test (http://webplatformdaily.org/perma/1/ ). "text/plain" resource is executed. This behavior is fully cross browser.2 replies 0 retweets 0 likes
@simevidas That’s barring `X-Content-Type-Options: nosniff`, of course. +@ImpressiveWebs
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.