- From: Glenn Maynard <glenn@zewt.org>
- Date: Mon, 18 Mar 2013 09:05:52 -0500
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: WHAT Working Group <whatwg@whatwg.org>, Jonas Sicking <jonas@sicking.cc>
On Mon, Mar 18, 2013 at 7:50 AM, Bjoern Hoehrmann <derhoermi@gmx.net>wrote: > >However I don't think we can expect people to indicate > >"Content-Disposition: inline" in order to protect resources. Nor do I > >think that simply using a different filename is going to meaningfully > >protect downloaded content. So I think a stronger UI warning is needed > >in this scenario. > > I am not sure what you are referring to here, could you elaborate? > People were concerned that there might be security problems with forcing a download and/or offering a specific filename. Making a C-D: inline header override @download might alleviate that. I agree that if it's actually a problem, then this doesn't seem like a good solution. I can't recall any compelling arguments that a security issue exists, though. -- Glenn Maynard
Received on Monday, 18 March 2013 14:06:21 UTC