← Back to release summary

Block script execution for non-script MIME types.

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 55)

Intent stage

None

Summary

Script should not execute if it is delivered with a MIME type of 'audio/*', 'image/*', 'video/*', or 'text/csv'.

Standards & signals

• Specification: https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-mime-type?
• Firefox: In development
• Safari: No signal
• Web developers: No signals
• Tracking bug: https://crbug.com/433049

View on chromestatus.com