[whatwg] "Content-Disposition" property for <a> tags
lcamtuf at coredump.cx
Sat Apr 30 12:12:17 PDT 2011
> So, it's not so much the security issue (the browser's job), but an
> appearance-of-fault issue: the site not wanting to be blamed if the
> browser fails at that job.
Well, the browser does the best it can (i.e., documents the origin of
a download), and the user does the best he can (examines the displayed
origin). If that's not enough, then we have a problem.
(That's not unique to disposition=, by the way; on unrecognized MIME
types, browsers often derive the file name from the notoriously unreliable
URL path signal, which is completely controlled by the attacker in
cases such as the PATH_INFO mechanism in Apache.)
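An added example (not from the original message or the list archive) of the two sides of that fallback: what a browser derives from the URL path when no header is sent, and how a server can instead send an explicit, sanitized Content-Disposition so the download name never depends on the path. Helper names and sample URLs are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import quote, unquote, urlsplit

# Characters never allowed into a download name: control characters,
# quotes, backslashes and the separators that could end the header value.
_UNSAFE = re.compile(r'[\x00-\x1f\x7f"\\/;:]')


def safe_download_name(name: str, fallback: str = "download") -> str:
    """Reduce a server-chosen file name to a single, clean path component."""
    name = unicodedata.normalize("NFC", name)
    # Keep only the last path component, whichever separator style was used.
    name = re.split(r"[\\/]", name)[-1]
    name = _UNSAFE.sub("", name).strip(" .")
    return name or fallback


def content_disposition(name: str) -> str:
    """Build an RFC 6266 header value: an ASCII 'filename' for older
    browsers plus an RFC 5987 'filename*' carrying the full UTF-8 name."""
    name = safe_download_name(name)
    ascii_name = (unicodedata.normalize("NFKD", name)
                  .encode("ascii", "ignore").decode() or "download")
    if ascii_name == name:
        return f'attachment; filename="{ascii_name}"'
    return (f'attachment; filename="{ascii_name}"; '
            f"filename*=UTF-8''{quote(name, safe='')}")


def name_browser_would_guess(url: str) -> str:
    """The fallback the message describes: with no Content-Disposition,
    browsers take the last URL path segment (query string excluded), which
    under Apache PATH_INFO is whatever was appended after the script name."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])
```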