[whatwg] "Content-Disposition" property for <a> tags
Dennis Joachimsthaler
dennis at efjot.de
Thu May 26 14:51:43 PDT 2011
Am 26.05.2011, 22:58 Uhr, schrieb Julian Reschke <julian.reschke at gmx.de>:
> On 2011-05-26 22:54, Dennis Joachimsthaler wrote:
>> Am 26.05.2011, 22:53 Uhr, schrieb Boris Zbarsky <bzbarsky at mit.edu>:
>>
>>> Probably no one, to a first approximation, but we were specifically
>>> talking about non-Windows systems. On Windows, as I said, Gecko forces
>>> extensions to match content types, to avoid this sort of issue in
>>> general.
>>
>> Yep, yep... If browsers implement the filename (+ extension) name
>> changing
>> we should make it a MUST to implement security...
>> ...
>
> Like
> <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-latest.html#rfc.section.4.3>?
>
> Best regards, Julian
Ah, that sort of security is a SHOULD here, already.
We should just copy this over, it looks good.
Browsers should just use the same behaviour when encountering the function
in
a HTML attribute.
I forsee a great future :-)
- Dennis Joachimsthaler
More information about the whatwg
mailing list