- From: Glenn Maynard <glenn@zewt.org>
- Date: Sat, 30 Apr 2011 15:07:45 -0400
On Sat, Apr 30, 2011 at 2:54 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
> My concern is a bit more straightforward. To use a practical example:
> just because a social networking site allows nearly arbitrary JPEG
> files to be uploaded and served as profile pictures (Content-Type:
> image/jpeg) does not mean that the application wants users to be
> offered that content as a download named Security_Update.exe,
> supposedly coming from that trusted site.

So, it's not so much the security issue (the browser's job), but an appearance-of-fault issue: the site not wanting to be blamed if the browser fails at that job.

> But yes, there are probably also potential interactions with
> whitelisted domains, especially given that the whitelist-based
> capabilities are expanding rapidly.

That suggests that this should be added sooner rather than later, so the concept of filenames for files on trusted domains being set by untrusted domains is considered in the design of these capabilities, rather than being bolted on later.

--
Glenn Maynard
Received on Saturday, 30 April 2011 12:07:45 UTC