- From: Dennis Joachimsthaler <dennis@efjot.de>
- Date: Thu, 26 May 2011 23:51:43 +0200
Am 26.05.2011, 22:58 Uhr, schrieb Julian Reschke <julian.reschke at gmx.de>: > On 2011-05-26 22:54, Dennis Joachimsthaler wrote: >> Am 26.05.2011, 22:53 Uhr, schrieb Boris Zbarsky <bzbarsky at mit.edu>: >> >>> Probably no one, to a first approximation, but we were specifically >>> talking about non-Windows systems. On Windows, as I said, Gecko forces >>> extensions to match content types, to avoid this sort of issue in >>> general. >> >> Yep, yep... If browsers implement the filename (+ extension) name >> changing >> we should make it a MUST to implement security... >> ... > > Like > <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-latest.html#rfc.section.4.3>? > > Best regards, Julian Ah, that sort of security is a SHOULD here, already. We should just copy this over, it looks good. Browsers should just use the same behaviour when encountering the function in a HTML attribute. I forsee a great future :-) - Dennis Joachimsthaler
Received on Thursday, 26 May 2011 14:51:43 UTC