W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: Content-Location: path separator characters [#272]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 10 Feb 2011 14:26:28 +0100
Message-ID: <4D53E784.4040002@gmx.de>
To: Mark Nottingham <mnot@mnot.net>
CC: httpbis Group <ietf-http-wg@w3.org>
On 10.02.2011 01:38, Mark Nottingham wrote:
> Sorry, should have said -- this is #272.
>
>
> On 10/02/2011, at 11:32 AM, Mark Nottingham wrote:
>
>> Section 3.3 Disposition Parameter: 'Filename' says
>>
>> """
>> When the value contains path separator characters, all but the last segment SHOULD be ignored. This prevents unintentional overwriting of well-known file system location (such as "/etc//passwd").
>> """
>>
>> However, "path separator characters" is not defined; should this be platform-specific, or should we nominate the characters in question? Either way, it needs to be more explicit.
> ...

If you want the filename to be usable across operating systems, you 
shouldn't use either "/" or "\".

Thus, proposed text:

"When the value contains one of the commonly used path separator 
characters ("/" and "\"), all but the last segment SHOULD be ignored. 
This prevents unintentional overwriting of well-known file system 
location (such as "/etc/passwd")."

Best regards, Julian
Received on Thursday, 10 February 2011 13:27:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:36 GMT