W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] "Content-Disposition" property for <a> tags

From: Glenn Maynard <glenn@zewt.org>
Date: Thu, 2 Jun 2011 14:18:44 -0400
Message-ID: <BANLkTinXv3T2w59h2PdOvDHLBo_qwUv=ew@mail.gmail.com>
I don't think the issue raised was about getting people to save files,
though.  If you can get someone to click a link, you can already point
them at something that sets the HTTP C-D header.

As I recall, the concern was about getting people to do this on files
that appear to be from a trusted domain.  That is, evil.com linking to
a perl script on trusted.com (or, say, a dual-mode image/ELF file),
setting C-D in the link to get it to save-as, perhaps hoping that
people will see "from: http://trusted.com" in the save-as dialog.  (I
doubt that most users look at that at all; Chrome doesn't even seem to
bother displaying it.)

At worst, it just seems like a minor UI design issue.

-- 
Glenn Maynard
Received on Thursday, 2 June 2011 11:18:44 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC