Text File Upload Example
- The browser will sniff the content
- Decide that it’s a text/html type of file, and
- Run the code inside
Even image files uploaded to our websites should be returned to the user with a Content-Type header. Otherwise, script and other malicious code injected into the metadata of an image file (EXIF data) could be executed.
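One way to choose the headers for a stored upload so the browser is never left to sniff, as an added example (not code from the original page). The function name, the extension allowlist and the sample byte strings are assumptions made for illustration, and the `X-Content-Type-Options: nosniff` header is an addition the page does not mention.

```python
import os

# Extension allowlist: (Content-Type to send, leading bytes the file must have).
# Hypothetical policy for this example; extend it to the types your site accepts.
ALLOWED = {
    ".txt": ("text/plain; charset=utf-8", None),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".gif": ("image/gif", b"GIF8"),
}

def headers_for_upload(filename: str, data: bytes) -> dict:
    """Pick response headers for a stored upload so the browser never has to guess."""
    ext = os.path.splitext(filename)[1].lower()
    ctype, magic = ALLOWED.get(ext, (None, None))
    headers = {"X-Content-Type-Options": "nosniff"}  # addition: disables sniffing
    if ctype is None or (magic and not data.startswith(magic)):
        # Unknown type, or bytes that do not match the claimed image format:
        # hand it over as an opaque download instead of something renderable.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"
    else:
        headers["Content-Type"] = ctype
    return headers

# Constructed sample uploads (not real files).
TXT_WITH_MARKUP = b"<html><script>/* constructed sample */</script></html>"
JPEG_WITH_EXIF_MARKUP = b"\xff\xd8\xff\xe1\x00\x2aExif\x00\x00<script>/* constructed */</script>"
HTML_NAMED_PNG = b"<html>constructed sample, not a PNG</html>"

if __name__ == "__main__":
    for name, body in [("notes.txt", TXT_WITH_MARKUP),
                       ("photo.JPG", JPEG_WITH_EXIF_MARKUP),
                       ("logo.png", HTML_NAMED_PNG),
                       ("page.html", TXT_WITH_MARKUP)]:
        print(name, headers_for_upload(name, body))
```

The text file and the JPEG with markup in its metadata are both served under their declared type, so the embedded markup is treated as plain text or image data; the mislabelled PNG and the unlisted `.html` upload are returned as downloads.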