How to do this in MSIE: saving a GIF image which was generated on-the-fly

In comp.infosystems.www.authoring.html Dobedani said:

In Netscape 7.1 I can rightclick the image and save it as GIF, because
the image irecognised as GIF! However, in MSIE I can only save it as
BMP!!!

known bug
http://support.microsoft.com/default...b;en-us;810978
--
v o i c e s

Dobedani wrote:

I am developing / maintaining a web application which generates GIF
images on the fly. When I send the image, I make sure a header is sent
first with MIME-type image/gif. My HTML-code to show the image looks
like this:

<IMG
SRC="http://myserver/scripts/mycgi.exe?page=graphsym&favid=myfav4&numlines=1&k
ey=18"
BORDER="0">

In Netscape 7.1 I can rightclick the image and save it as GIF, because
the image irecognised as GIF! However, in MSIE I can only save it as
BMP!!! MSIE does not even understand that it is a GIF, although the
image is shown all right.

This is a common problem. What you have to do is provide your visitors with
a filename that ends in ".gif" instead of ".exe". On Apache servers you can
do this by adding a RewriteRule to your .htaccess file.

You can't solve this problem with HTML, so try posting your question in a
newsgroup that's relevant to the software running on your server.

Phil
--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)

"Philip Ronan" <ph***********@virgin.net> wrote in message
news:BD954F13.23C28%ph***********@virgin.net...

Dobedani wrote:

I am developing / maintaining a web application which generates GIF
images on the fly. When I send the image, I make sure a header is sent
first with MIME-type image/gif. My HTML-code to show the image looks
like this:

<IMG
SRC="http://myserver/scripts/mycgi.exe?page=graphsym&favid=myfav4&numlines=1&k
ey=18"
BORDER="0">

In Netscape 7.1 I can rightclick the image and save it as GIF, because
the image irecognised as GIF! However, in MSIE I can only save it as
BMP!!! MSIE does not even understand that it is a GIF, although the
image is shown all right.
This is a common problem. What you have to do is provide your visitors
with
a filename that ends in ".gif" instead of ".exe". On Apache servers you
can
do this by adding a RewriteRule to your .htaccess file.

You can't solve this problem with HTML, so try posting your question in a
newsgroup that's relevant to the software running on your server.

I have come across this problem several times. (assuming you're not
suffering from the internet cache problem mentioned in the previous reply)

IE often ignores the mime type; it simply looks back from the end of the URL
until it finds a dot and determines the file extension from that.

So, assuming you know the file type when you generate the <img> tag, just
make sure the url ends in .gif thus:

http://myserver/scripts/mycgi.exe?pa...=1&key=18&.gif

Phil
--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)

Andy Fish wrote:

IE often ignores the mime type; it simply looks back from the end of the URL
until it finds a dot and determines the file extension from that.

So, assuming you know the file type when you generate the <img> tag, just
make sure the url ends in .gif thus:

http://myserver/scripts/mycgi.exe?pa...lines=1&key=18
&.gif

.... I didn't realize IE was THAT stupid!

What I was suggesting was something like this:
<http://www.japanesetranslator.co.uk/nj?n=andy>

The image is generated by a PHP script with a long search string tagged on
to the end of the filename, but to keep the low-IQ browsers happy I'm using
a RewriteRule to make it look like a file called "Andy.png"

--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)

Andy Fish wrote:

"Philip Ronan" wrote ...

Dobedani wrote:

I am developing / maintaining a web application which generates
GIF images on the fly. When I send the image, I make sure a
header is sent first with MIME-type image/gif.

in MSIE I can only save it as BMP!!! MSIE does not even
understand that it is a GIF

IE often ignores the mime type; it simply looks back from the end of
the URL until it finds a dot and determines the file extension from
that.

That would be different than its previous behavior. IE used to sniff the
*contents* of a file to guess its content type, in violation of relevant
protocols. Only if content-sniffing failed would IE resort to other
measures, such as the MIME header, which is supposed to be definitive,
or "file extension", which is rather meaningless in the context of a
url, but that's Microsoft for you.

Recently, MS claimed to have fixed this. However, in announcing the
changes on their website, they advised web authors to make sure that the
file extension matched the content type. As I said, file extension is
meaningless in a url.[1] I have not downloaded the security patch that
fixes that security hole (and doubtless introduces new ones), so I
cannot test whether MS now looks at "file extension", whatever that
means. But I'd be suspicious, at least, that characters after a "."
would make a difference unless you can test the claim.
[1] File extension is only relevant on the server, which might use it to
choose an appropriate content-type header. But the changes MS announced
were for MSIE, not for IIS.

--
Brian (remove "invalid" to email me)

Brian (us*****@julietremblay.com.invalid) wrote:

: Recently, MS claimed to have fixed this. However, in announcing the
: changes on their website, they advised web authors to make sure that the
: file extension matched the content type. As I said, file extension is
: meaningless in a url.[1]

it's relevent for `file:' urls, and `ftp:' urls

: [1] File extension is only relevant on the server, which might use it to
: choose an appropriate content-type header.

Yes, pretty much every server, including apache, guesses what the mime
type should be based on the file name extension.

Ironic isn't it?

The problem with IE is that the security sucks. It has little to nothing
to do with file name extensions or mime content types, and everything to
do with the design of the product and its environment.

Malcolm Dew-Jones wrote:

Brian wrote:

[1] File extension is only relevant on the server, which might use
it to choose an appropriate content-type header.

Yes, pretty much every server, including apache, guesses what the
mime type should be based on the file name extension.

That depends on the filesystem, too. And Apache, at least, can be
configured in other ways. It is quite common to treat all files in a
particular directory a certain way, e.g., cgi, regardless of any file
extension.
Ironic isn't it?
Not really, no. MSIE claims to be an HTTP user agent, not a file system.
Unix, by contrast is a file system.
The problem with IE is that the security sucks. It has little to
nothing to do with file name extensions or mime content types,

Wrong. MIME guessing is a security concern. I'll grant you that there
are other security concerns, but cannot agree that MIME guessing is trivial.

--
Brian (remove "invalid" to email me)