- From: Mike West <mkwst@google.com>
- Date: Fri, 15 Feb 2013 09:08:35 +0100
- To: whatwg@whatwg.org
Ping. Is this a terrible idea? :) -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 On Sat, Feb 2, 2013 at 7:11 PM, Mike West <mkwst@google.com> wrote: > It's currently possible to force a download by serving a file with a > "Content-Disposition: attachment; filename=..." header. Notably, this > mechanism can be used to download a file with minimal user interaction by > including the resource to be downloaded in an IFrame. This holds even for > sandboxed IFrames, as demonstrated by > http://lcamtuf.coredump.cx/sandboxed.html (clicking that link will > download a file, fair warning). > > It seems consistent with the general thought behind the `sandbox` > attribute that it should control downloads as well as the bits it already > locks down. I'd propose adjusting the spec to include a sandboxed downloads > flag, which, when present, would block all downloads from inside the frame > (or, perhaps only require user confirmation?). This restriction could be > lifted via an 'allow-downloads' keyword, if present in the sandbox > attribute's token list. > > WDYT? > > -- > Mike West <mkwst@google.com>, Developer Advocate > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany > Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 >
Received on Friday, 15 February 2013 08:09:22 UTC