- From: Mike West <mkwst@google.com>
- Date: Sat, 2 Feb 2013 19:11:23 +0100
- To: whatwg@whatwg.org

It's currently possible to force a download by serving a file with a "Content-Disposition: attachment; filename=..." header. Notably, this mechanism can be used to download a file with minimal user interaction by including the resource to be downloaded in an IFrame. This holds even for sandboxed IFrames, as demonstrated by http://lcamtuf.coredump.cx/sandboxed.html (clicking that link will download a file, fair warning).

It seems consistent with the general thought behind the `sandbox` attribute that it should control downloads as well as the bits it already locks down. I'd propose adjusting the spec to include a sandboxed downloads flag, which, when present, would block all downloads from inside the frame (or, perhaps only require user confirmation?). This restriction could be lifted via an 'allow-downloads' keyword, if present in the sandbox attribute's token list.

WDYT?

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Received on Saturday, 2 February 2013 18:12:11 UTC
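
An added example, not part of the original message: a small JavaScript model of the proposed behaviour, deciding whether a response loaded in a frame is rendered, downloaded, or blocked. The function names and the choice to block outright (rather than ask for confirmation) are assumptions; `allow-downloads` is the keyword the message proposes.

```javascript
// Added illustration of the "sandboxed downloads flag" proposed in the message.
// Function names are hypothetical; this is not code from any spec or browser.

const ASCII_WHITESPACE = /[\t\n\f\r ]+/;

// Return the set of keywords in a sandbox attribute value, lowercased.
// null/undefined means the attribute is absent (the frame is not sandboxed).
function sandboxTokens(attrValue) {
  if (attrValue === null || attrValue === undefined) return null;
  return new Set(
    attrValue.split(ASCII_WHITESPACE).filter(Boolean).map((t) => t.toLowerCase())
  );
}

// True when the response asks to be saved rather than rendered.
// Header names and the disposition type are matched case-insensitively.
function isAttachment(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "content-disposition") continue;
    const type = String(value).split(";")[0].trim().toLowerCase();
    if (type === "attachment") return true;
  }
  return false;
}

// Decide what a frame navigation to this response does under the proposal.
function downloadDecision(sandboxAttr, headers) {
  if (!isAttachment(headers)) return "render";
  const tokens = sandboxTokens(sandboxAttr);
  if (tokens === null) return "download";               // no sandbox attribute
  if (tokens.has("allow-downloads")) return "download"; // restriction lifted
  return "block";                                       // downloads flag is set
}

// Constructed sample inputs: [sandbox attribute value, response headers].
const attachment = { "Content-Disposition": 'attachment; filename="report.bin"' };
const cases = [
  [null, attachment],
  ["", attachment],
  ["allow-scripts", attachment],
  ["allow-scripts  ALLOW-DOWNLOADS", attachment],
  ["", { "Content-Type": "text/html" }],
];
for (const [attr, headers] of cases) {
  console.log(JSON.stringify(attr), "->", downloadDecision(attr, headers));
}
```

An empty `sandbox=""` sets every restriction, so under this model it blocks the download just as `sandbox="allow-scripts"` does.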