[whatwg] a rel=attachment

Bjartur Thorlacius svartman95 at gmail.com
Sun Jul 17 12:41:08 PDT 2011

On Fri, 15 Jul 2011 18:39, Jonas Sicking wrote:
> 2011/7/14 Ian Fette (イアンフェッティ)<ifette at google.com>:
> One concern which was brought up was the ability to cause the user to
> download a file from a third party site. I.e. this would allow
> evil.com to trick the user into downloading an email from the user's
> webmail, or download a page from their bank which contains all their
> banking information. It might be easier to then trick the user into
> re-uploading the saved file to evil.com since from a user's
> perspective, it looked like the file came from evil.com.
Would it not be possible to send an unauthenticated request for the
file, if it's of different origin?
