- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Sat, 30 Apr 2011 11:24:11 -0700
Note that somewhat counterintuitively, there would be some security concerns with markup-level content disposition controls (or any JS equivalent). For example, consider evil.com doing this:

<a href='http://example.com/user_content/harmless_text_file.txt' disposition='attachment; filename="Important_Security_Update.exe"'>

Downloading files in general is a very problematic area, because there's a very fragile transition between HTTP MIME type and filesystem extension or other OS-level content determination mechanism. Many browsers either don't try to do anything useful to prevent weird "promotions" from safe to unsafe document types; or enforce decidedly imperfect logic. Allowing attackers to further control this process has some risks.

[ This is further compounded by the fact that in many cases, it is safer for users to open certain document types, HTML included, from http: URLs than from file:. ]

/mz
Received on Saturday, 30 April 2011 11:24:11 UTC
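
The concern raised in the message above can be expressed as a save-name policy. The following is an added example, not part of the original message and not any browser's actual logic: it ignores a markup-suggested filename from another origin and rejects a same-origin suggestion whose extension disagrees with the served Content-Type. The names `chooseSaveName`, `baseName`, `extensionOf` and the `EXT_TYPES` table are hypothetical, and the table is a small constructed sample.

```javascript
// Added example: a conservative save-name policy (assumption, not a spec).
// Constructed sample mapping of file extensions to the MIME type they imply.
const EXT_TYPES = {
  txt: "text/plain",
  html: "text/html",
  png: "image/png",
  pdf: "application/pdf",
  exe: "application/x-msdownload",
};

// Strip any path component and trailing dots/spaces, which some
// filesystems silently drop ("update.exe." is saved as "update.exe").
function baseName(name) {
  return name.split(/[\\/]/).pop().replace(/[. ]+$/, "");
}

function extensionOf(name) {
  const base = baseName(name);
  const dot = base.lastIndexOf(".");
  return dot > 0 ? base.slice(dot + 1).toLowerCase() : "";
}

// linkOrigin:  origin of the page whose markup carries the suggestion
// targetUrl:   resource being downloaded
// contentType: Content-Type header sent by the target server
// suggested:   filename proposed by the linking page's markup
function chooseSaveName({ linkOrigin, targetUrl, contentType, suggested }) {
  const url = new URL(targetUrl);
  const fallback = baseName(url.pathname) || "download";
  if (!suggested) return fallback;

  // A third-party page gets no say in how another site's content is saved.
  if (url.origin !== linkOrigin) return fallback;

  // Same origin: still refuse a "promotion" to a type the server never
  // declared. Unknown extensions fail closed and fall back as well.
  const served = contentType.split(";")[0].trim().toLowerCase();
  if (EXT_TYPES[extensionOf(suggested)] !== served) return fallback;

  return baseName(suggested);
}
```

With the link from the message as input, the function returns `harmless_text_file.txt` rather than the suggested `.exe` name.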