W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2011

[whatwg] "Content-Disposition" property for <a> tags

From: Dennis Joachimsthaler <dennis@efjot.de>
Date: Thu, 26 May 2011 22:40:40 +0200
Message-ID: <op.vv3vp2ob48yz2f@dennis.fritz.box>
Am 26.05.2011, 22:33 Uhr, schrieb Boris Zbarsky <bzbarsky at mit.edu>:

> On 5/26/11 3:12 PM, Dennis Joachimsthaler wrote:
>> Oh I see the problem... Is it the bang? #!/bin/perl #!/bin/python
>> #!/bin/bash
>> could very well result in the text file being executed in one of those
>> interpreters,
>> right?
>
> Yes, but even worse on some systems a .pl file will just handed over to  
> the registered handler for those (often a Perl interpreter) if you try  
> to "open" it (which is a different operation from "execute" and can be  
> done even on files that are not executable; think double-clicking the  
> file in a file manager).
>
> -Boris

Ah, I see. So the people using the GUI are in the gutter? Which are
also the people that are inexperienced and would be prone to such attacks.

Damn.

Though I think it still would happen rarely that a pl file gets downloaded.

I mean who on the most popular system, Windows, has a Perl interpreter  
installed?

- Dennis Joachimsthaler
Received on Thursday, 26 May 2011 13:40:40 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:33 UTC