W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: Comments on draft-ietf-httpbis-content-disp

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Mon, 1 Nov 2010 13:55:49 -0600
To: Adam Barth <ietf@adambarth.com>
Cc: httpbis <ietf-http-wg@w3.org>
Message-Id: <20101101135549.fb0f9db2.eric@bisonsystems.net>
Adam Barth wrote:
> 
> Do you expect browser user agents to change their behavior w.r.t. the
> % character in filename parameter in Content-Disposition header
> fields?  I don't see an evidence that they will.
>

No, of course not.  Nor would I expect a package-management system to
start decoding % if the spec is changed based on what browsers get
wrong.

>
> It's disingenuous to claim this document specifies the
> Content-Disposition header field when it ignores how that header
> field is processed by user agents used by hundreds of millions of
> users.
> 

No, what's disingenuous is to tell all the folks who correctly followed
MIME syntax in their existing C-D implementations that they are in
error, based on an edge case where a *minority* of implementations
chose to disregard proper MIME syntax.  Granted browsers have hundreds
of millions of users, but that handwaving doesn't change the fact that
systems based on nonstandard %-handling are a statistical blip.

Just because browsers do this, doesn't mean they should, IOW +1 to
Bjoern's comment:

"Note in particular that we cannot assume, because something works in a
certain way in some browsers, that it is safe to require that; it may
very well be that the browsers that do something else cannot be up-
dated to match the behavior due to servers doing user agent sniffing,
in which case mandating the particular behavior was pointless and mis-
leading."

There's nothing preventing browser vendors from agreeing to %-decode or
even standardizing that *interpretation* of C-D.  The point is, that if
it's in another spec it has absolutely no bearing on how C-D is defined,
avoiding a break with backward compatibility for all user-agents.  That
"other spec" would only affect interpretation of C-D after parsing,
allowing that parsing to be compliant with the current draft, without
requiring the scope of HTTPbis to be changed to define non-MIME-
compliant header parsing.

> 
> I don't see a connection between the ability to compute the requested
> file name from a Content-Disposition header field value and rendering
> content.
>

There is none.  But there are enough cases where it's true, to justify
a browser-conformance document.  Such a document can also choose to
specify anything else particular to browsers, such as deliberately-
borked C-D parsing which may break if required for HTTP-based package-
management systems, for example.

>
> Presumably the requested file name is part of the semantics of this
> header field value.  Shouldn't the specification define what that
> file name the header field requests?
> 

No, it shouldn't, the user-agent has final say in what filename to use,
based on the filesystem the OS is using, which can't be known by the
sender, so the sender can only suggest a filename.  Which means that as-
written, the spec allows a component to decide to %-decode without it
being mandated that all user-agents ought to do so, because that's how
Microsoft did it...

> 
> It sounds like you're advocating for resolution (2), which I think is
> fine.
> 

No, I'm most definitely advocating the creation of a document specific
to the concerns of implementing HTTP on those user-agents which render
content, in a way that's interoperable between major browsers, and
keeping HTTP the way it's always been, which doesn't assume user-agent=
browser nor require a degree in computer science to be understood by
the lay developer.

-Eric
Received on Monday, 1 November 2010 19:56:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:32 GMT