
Re: Content-Disposition filename encoding, was: IRIs, IDNAbis, and HTTP [i74]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 16 Mar 2008 20:30:54 +0100
Message-ID: <47DD756E.6020800@gmx.de>
To: ietf-http-wg@w3.org

...speaking of which.

In Part3, we currently refer to both RFC1806 (the original definition) 
and RFC2183 (which updated RFC1806).

Wouldn't it make sense to drop the references to the historical document?

Also, I can't help noticing that in Section 8.2 
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p3-payload-02.html#rfc.section.8.2>) 
we say

"8.2 Content-Disposition Issues

[RFC1806], from which the often implemented Content-Disposition (see 
Appendix B.1) header in HTTP is derived, has a number of very serious 
security considerations. Content-Disposition is not part of the HTTP 
standard, but since it is widely implemented, we are documenting its use 
and risks for implementors. See [RFC2183] (which updates [RFC1806]) for 
details."

...which is really vague. Are there more considerations than those 
mentioned in <http://tools.ietf.org/html/rfc2183#section-5>?

BR, Julian
Received on Sunday, 16 March 2008 19:31:48 GMT
