- From: Glenn Maynard <glenn@zewt.org>
- Date: Thu, 2 Jun 2011 14:18:44 -0400
I don't think the issue raised was about getting people to save files, though. If you can get someone to click a link, you can already point them at something that sets the HTTP C-D header.

As I recall, the concern was about getting people to do this on files that appear to be from a trusted domain. That is, evil.com linking to a Perl script on trusted.com (or, say, a dual-mode image/ELF file), setting C-D in the link to get it to save-as, perhaps hoping that people will see "from: http://trusted.com" in the save-as dialog. (I doubt that most users look at that at all; Chrome doesn't even seem to bother displaying it.)

At worst, it just seems like a minor UI design issue.

--
Glenn Maynard

Received on Thursday, 2 June 2011 11:18:44 UTC