- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 10 Feb 2011 14:26:28 +0100
- To: Mark Nottingham <mnot@mnot.net>
- CC: httpbis Group <ietf-http-wg@w3.org>
On 10.02.2011 01:38, Mark Nottingham wrote:
> Sorry, should have said -- this is #272.
>
>
> On 10/02/2011, at 11:32 AM, Mark Nottingham wrote:
>
>> Section 3.3 Disposition Parameter: 'Filename' says
>>
>> """
>> When the value contains path separator characters, all but the last segment SHOULD be ignored. This prevents unintentional overwriting of well-known file system location (such as "/etc//passwd").
>> """
>>
>> However, "path separator characters" is not defined; should this be platform-specific, or should we nominate the characters in question? Either way, it needs to be more explicit.
> ...
If you want the filename to be usable across operating systems, you
shouldn't use either "/" or "\".
Thus, proposed text:
"When the value contains one of the commonly used path separator
characters ("/" and "\"), all but the last segment SHOULD be ignored.
This prevents unintentional overwriting of well-known file system
location (such as "/etc/passwd")."
Best regards, Julian
Received on Thursday, 10 February 2011 13:27:07 UTC