If I’m providing downloads of .dot or .gv files from a web application, any opinions on the best MIME-type to apply?
Two primary MIME types are important for the role of default types:
text/plainis the default value for textual files. A textual file should be human-readable and must not contain binary data.
application/octet-streamis the default value for all other cases. An unknown file type should use this type. Browsers pay a particular care when manipulating these files, attempting to safeguard the user to prevent dangerous behaviors.
Normally, I’d say ‘text/plain’ is sufficient, but maybe ‘application/octet-stream’ provides a little extra security?
Speaking of which, on the other side, i.e. uploads, are there any security vulnerabilities in allowing user input of dot/gv files which immediately go to one of the layout engines (as opposed to saving in a database)?