- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 2 Jun 2011 12:32:27 -0700
> I don't think the issue raised was about getting people to save files, > though. ?If you can get someone to click a link, you can already point > them at something that sets the HTTP C-D header. The origin of a download is one of the best / most important indicators people have right now (which, by itself, is a bit of a shame). I just think it would be a substantial regression to make it possible for microsoft.com or google.com to unwittingly serve .exe / .jar / .zip / .rar files based on third-party markup. Firefox and MSIE display the origin fairly prominently, IIRC; Chrome displays it in some views. But deficiencies of current UIs are probably a separate problem. /mz
Received on Thursday, 2 June 2011 12:32:27 UTC