[whatwg] "Content-Disposition" property for <a> tags

On 5/26/11 2:06 PM, Dennis Joachimsthaler wrote:
>>> <a href='http://example.com/user_content/harmless_text_file.txt'
>>> disposition='attachment; filename="Important_Security_Update.exe"'>
>>
>> At least in the case of Firefox for that particular case on Windows
>> thefilename will be sanitized...
>
> So what does Firefox do in this case?

I believe it forces the extension to match the MIME type; if the type 
text/plain the saved filename will be "Important_Security_Update.exe.txt".

>> But yes, there are other situations where things could be more
>> problematic.
>
> Which are these? Please enlighten me.

Well, in the Firefox case non-Windows OSes, where the theory is that the 
handling of a file does not depend on the extension but the practice is 
... variable.

-Boris

Received on Thursday, 26 May 2011 11:15:42 UTC