On 02.03.2011 15:11, Julian Reschke wrote: > ... > Proposed change for the three items in 4.3: > > o Many platforms do not use Internet Media Types ([RFC2046]) to hold > type information in the file system, but rely on filename > extensions instead. Trusting the server-provided file extension > could introduce a privilege escalation when the saved file is > later opened (consider ".exe"). Thus, recipients SHOULD ensure > that a file extension is used that is safe, optimally matching the > media type of the received payload. > > o Recipients SHOULD strip or replace character sequences that are > known to cause confusion both in user interfaces and in filenames, > such as control characters and leading and trailing whitespace. > > o Other aspects recipients need to be aware of are names that have a > special meaning in the file system or in shell commands, such as > "." and "..", "~", "|", and also device names. Recipients SHOULD > ignore or substitute names like these. > > (see > <http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/278/i278.diff>). > ... ...applied with <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1152>; I plan to submit a -07 draft soon after LC ends. Best regards, JulianReceived on Sunday, 6 March 2011 11:13:53 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT