The "Multipart MIME Responses” bit is really interesting. So if I understand correctly:
1) a server under control of an attacker can send a multipart response with multiple HTML parts
2) we ignore all parts except the *last* one (which is probably the right thing to do)
3) malware detection proxies/filters might ignore all parts except the *first* one
(There is no mention of specific software that does #3 so that part is a bit vague but I could see how an attacker could abuse that.)
I don't know if this is a common technique that is used in the wild. If it is, then we might want to consider changing our logic for multipart and rendering the *first* part received. That would close this loophole.
Not sure if that would break any existing legit apps that might depend on the current multipart behaviour though.
> I don’t know if this is a common technique that is used in the wild.
This is a particular example of a technique that is used in the wild.
It is a consequence of Postel's Law. I call it a "Postel Bug".
Software that accepts "out-of-spec" inputs in order to interoperate
necessarily does so on an ad hoc basis. So, two different
implementations can treat malformed inputs differently. This is exactly
what is happening with the malware detection software and your software.
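Added example (not code from either poster): a small parser for the multipart response described above, modelling the two divergent readings of the same bytes, a filter that inspects only the first part versus a renderer that shows the last, alongside the defensive variant that scans every part. The boundary name, the sample body and the "FLAGGED-MARKER" string are constructed placeholders.

```python
import re

# Constructed multipart/x-mixed-replace response; "FLAGGED-MARKER" stands in
# for whatever content a filter is configured to flag (placeholder, not real).
SAMPLE_CONTENT_TYPE = 'multipart/x-mixed-replace; boundary="sep"'
SAMPLE_BODY = (
    b"--sep\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>Harmless first part</body></html>\r\n"
    b"--sep\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>FLAGGED-MARKER</body></html>\r\n"
    b"--sep--\r\n"
)

def boundary_from_content_type(content_type):
    """Extract the boundary parameter (quoted or bare) from a Content-Type value."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("no boundary parameter in Content-Type")
    return m.group(1).encode()

def split_parts(body, boundary):
    """Return a list of (headers, payload) tuples, one per MIME part."""
    delimiter = b"--" + boundary
    parts = []
    for chunk in body.split(delimiter)[1:]:   # bytes before the first delimiter are preamble
        if chunk.startswith(b"--"):           # "--boundary--" closes the multipart body
            break
        head, _, payload = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.partition(b":")
            if name:
                headers[name.strip().lower()] = value.strip()
        parts.append((headers, payload.rstrip(b"\r\n")))
    return parts

def first_part_only_scan(body, boundary, pattern):
    """Models the filter behaviour in point 3: only the first part is inspected."""
    parts = split_parts(body, boundary)
    return bool(parts) and pattern in parts[0][1]

def all_parts_scan(body, boundary, pattern):
    """Defensive variant: every part is inspected, whichever one a client renders."""
    return any(pattern in payload for _, payload in split_parts(body, boundary))

def browser_renders(body, boundary):
    """Models the rendering behaviour in point 2: the last part wins."""
    parts = split_parts(body, boundary)
    return parts[-1][1] if parts else b""
```

Running the two scanners over `SAMPLE_BODY` shows the Postel-style mismatch directly: the first-part-only scan reports nothing while the browser model renders the flagged part, and only the all-parts scan agrees with what is actually displayed.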