- From: Dennis Joachimsthaler <dennis@efjot.de>
- Date: Thu, 26 May 2011 20:06:54 +0200
Oh hey, I didn't realize this topic was discussed again one month ago.
I originally even started this ;-).

>> Note that somewhat counterintuitively, there would be some security
>> concerns with markup-level content disposition controls (or any JS
>> equivalent). For example, consider evil.com doing this:
>>
>> <a href='http://example.com/user_content/harmless_text_file.txt'
>> disposition='attachment; filename="Important_Security_Update.exe"'>
>
> At least in the case of Firefox for that particular case on Windows the
> filename will be sanitized...

So what does Firefox do in this case?

Also I think that maybe the "filename" part is not necessary at all.
The filename is only necessary when you feed the file from a dynamic page,
like directly from the PHP processor. And in this case you can directly use
the content-disposition HTTP header.

I was talking about cases where there are direct links to files that WOULD
open directly, but we want to suggest the browser to download them instead.
In this case we would have to fiddle around with server side scripting and
suggesting the attachment-flag from an HTTP standpoint even though there is
absolutely no other reason than this single http header. More trouble than
it's worth.

So if the filename part of this kind of disposition tag is too insecure, we
can leave it out without destroying my intended reason for such a tag.

Of course there might be reasons to have the filename part anyways, let me
write down an example:

You have files in a folder that are numbered in one continuous numbering
scheme. The files are heavily downloaded so server side scripting falls out
of the question because sending files through this is, to say the least,
slow, unless you use some special tricks.

Instead of giving the user a link to the file called "A342378437.pdf" you can
use the disposition attribute to

a) Let him directly download it. He doesn't have to go the long way around
   by right clicking this way.
b) Give it a meaningful name that the user will appreciate

This is though the initial idea which sparked this thread. And it has been
expanded upon already.

> But yes, there are other situations where things could be more
> problematic.

Which are these? Please enlighten me.

- Dennis Joachimsthaler
Received on Thursday, 26 May 2011 11:06:54 UTC
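
The quoted concern (a link on another site relabelling a text file as an `.exe`) and the renaming use case (`A342378437.pdf` given a meaningful name) can both be served by a policy that lets the attribute change the name but not the extension. The following is an added example, not part of the original message and not a description of what Firefox does; the function names and the policy itself are assumptions made for illustration.

```javascript
// Hypothetical browser-side policy for a markup-suggested download name.
// Assumption: the extension of the linked resource is authoritative.

// Last path segment of the linked resource, percent-decoded.
function resourceName(href) {
  const segs = new URL(href).pathname.split("/");
  const last = segs[segs.length - 1];
  try { return decodeURIComponent(last); } catch { return last; }
}

// Lower-cased extension including the dot, or "" when there is none.
function extensionOf(name) {
  const i = name.lastIndexOf(".");
  return i > 0 ? name.slice(i).toLowerCase() : "";
}

// Drop directory parts, control characters, characters reserved on Windows,
// and trailing dots/spaces (Windows strips those, which would otherwise
// expose a different extension than the one checked here).
function sanitizeLeaf(name) {
  const leaf = name.split(/[\\/]/).pop();
  return leaf
    .replace(/[\u0000-\u001f\u007f<>:"|?*]/g, "_")
    .replace(/[. ]+$/, "")
    .trim();
}

// Name to save under: the suggestion may rename the file, but may not
// change its extension relative to the resource that is actually linked.
function downloadName(href, suggested) {
  const fallback = sanitizeLeaf(resourceName(href)) || "download";
  if (!suggested) return fallback;
  const clean = sanitizeLeaf(suggested);
  if (!clean) return fallback;
  const wanted = extensionOf(fallback);
  if (extensionOf(clean) === wanted) return clean;
  // Mismatch: keep the author's wording, append the real extension.
  return wanted ? clean + wanted : fallback;
}
```

With this policy the link from the quoted example is saved with a `.txt` ending, while the numbered PDF can still be given a readable name.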