[whatwg] a rel=attachment

Alexey Proskuryakov ap at webkit.org
Tue Jul 19 10:42:07 PDT 2011


18.07.2011, в 9:35, Glenn Maynard написал(а):

> > A different scenario which I don't think has been discussed in this thread is bypassing a hosting service security settings. Consider a highly reputable hosting that doesn't let you upload executable files (or maybe just scans those for malware if uploaded). With @download, one could bypass that, and make users download or even run an .EXE file by following an innocuous link to a well known domain. This kind of download could be same origin or cross origin.
> 
> The service hosting the file--the target of the link--shouldn't convey trust.  The page containing the download link is where trust should come from, not the link target.


There are many views on what conveys trust. If we don't go to the extremes (like users who click on anything and agree to any confirmation dialogs without reading them), there is certainly a group of people who look where a link points to before clicking it.

The fact that hosting implies a certain degree of trust is also built into client software. For example, if you download an executable file on Mac OS X, then the system warns you about it on first launch, and tells you where it was downloaded from, not where a link to the download was.

Hosting services do have their policies on what can be hosted. As we discuss a way to subvert those policies, we shouldn't start with an assumption that it's inconsequential.

- WBR, Alexey Proskuryakov



More information about the whatwg mailing list