[whatwg] "Content-Disposition" property for <a> tags

Michal Zalewski lcamtuf at coredump.cx
Sat Apr 30 12:12:17 PDT 2011

> So, it's not so much the security issue (the browser's job), but an
> appearance-of-fault issue: the site not wanting to be blamed if the
> browser fails at that job.

Well, the browser does the best it can (i.e., documents the origin of
a download), and the user does the best he can (examines the displayed
origin). If that's not enough, then we have a problem.

(That's not unique to disposition=, by the way; on unrecognized MIME
types, browsers often derive file name from the notoriously unreliable
URL path signal, which is completely controlled by the attacker in
cases such as the PATH_INFO mechanism in Apache.)


More information about the whatwg mailing list