...speaking of which.

In Part3, we currently refer to both RFC1806 (the original definition) and RFC2183 (which updated RFC1806). Wouldn't it make sense to drop the references to the historical document?

Also, I can't help noticing that in Section 8.2 (<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p3-payload-02.html#rfc.section.8.2>) we say

"8.2 Content-Disposition Issues

[RFC1806], from which the often implemented Content-Disposition (see Appendix B.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See [RFC2183] (which updates [RFC1806]) for details."

...which is really vague. Are there more considerations than those mentioned in <http://tools.ietf.org/html/rfc2183#section-5>?

BR, Julian

Received on Sunday, 16 March 2008 19:31:48 GMT