From 9ea5c9259d645247a362e27133912680d0f19fac Mon Sep 17 00:00:00 2001 From: Hiroshige Hayashizaki Date: Tue, 19 Nov 2019 15:35:00 -0800 Subject: [PATCH] Clarify that we intentionally allow `*/*+json` as JSON MIME types --- mimesniff.bs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mimesniff.bs b/mimesniff.bs index 839cfed..702c587 100644 --- a/mimesniff.bs +++ b/mimesniff.bs @@ -471,6 +471,12 @@ any MIME type whose essence is "application/ ends in "+json" or whose essence is "application/json" or "text/json". +

+Unlike [=JavaScript MIME type=], [=JSON MIME type=] allows a broad range of MIME types like +"image/foo+json", because they can have valid use cases and are unlikely to cause +security issues as JSONs are not executed +(#112). +

Handling a resource