Re: Content-Disposition: *sender* advice

On 23/02/2011, at 4:42 AM, Julian Reschke wrote:

> Appendix D.  Advice on Generating Content-Disposition Header Fields

I started to reply with revised wording for some points, and ended up with a rewrite, fwiw.

---8<---

To successfully interoperate with existing and future user agents, senders of the Content-Disposition header are advised to:

  - Inclue a 'filename' parameter on all Content-Disposition headers. 

  - Use the 'token' form of the filename parameter only when it does not contain disallowed characters (e.g., spaces); in these cases, the quoted-string form should be used.

 - Avoid including the percent character followed by two hexadecimal characters (e.g., %A9) in the filename parameter, since some existing implementations consider it to be an escape character, while others will pass it through unchanged.

 - Avoid including the "\" character in the quoted-string form of the filename parameter, as escaping is not implemented by some user-agents, and will be considered as an illegal path character. 

 - Avoid using non-ASCII characters in the filename parameter. Although some existing implementations will attempt to decode them, others have no interoperable way to fail gracefully.

  - Include a 'filename*' parameter on Content-Disposition headers where the desired filename contains characters outside the US-ASCII character encoding. Note that legacy user agents will not process this, and will fall back to using the 'filename' parameter's content.

 - Use UTF-8 as the encoding of the 'filename*' parameter, when present, because at least one existing implementation only implements that encoding.

Note that this advice may be superseded. <http://purl.org/NET/http/content-disposition-tests> provides an overview of current levels of support in various implementations.

--->8---


--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 23 February 2011 02:10:10 UTC