[whatwg] Priority between <a download> and content-disposition

Glenn Maynard glenn at zewt.org
Mon Mar 18 07:05:52 PDT 2013


On Mon, Mar 18, 2013 at 7:50 AM, Bjoern Hoehrmann <derhoermi at gmx.net>wrote:

> >However I don't think we can expect people to indicate
> >"Content-Disposition: inline" in order to protect resources. Nor do I
> >think that simply using a different filename is going to meaningfully
> >protect downloaded content. So I think a stronger UI warning is needed
> >in this scenario.
>
> I am not sure what you are referring to here, could you elaborate?
>

People were concerned that there might be security problems with forcing a
download and/or offering a specific filename.  Making a C-D: inline header
override @download might alleviate that.  I agree that if it's actually a
problem, then this doesn't seem like a good solution.

I can't recall any compelling arguments that a security issue exists,
though.

-- 
Glenn Maynard



More information about the whatwg mailing list