- From: Michael Wojcik <Michael.Wojcik@microfocus.com>
- Date: Wed, 24 Feb 2010 06:49:41 -0800
- To: <uri@w3.org>
> With that said, I think it'd be awesome if you could do something like:
>
> <a href="data:text/plain;charset=utf-8;filename=tada.txt;content-disposition=attachment,file_data">Save</a>.

And is it the responsibility of the user agent, or of the user, to ensure that there is no security risk in saving the file under the name suggested by the URI?

Considering how ready most users are to simply click through warnings and confirmations, this looks like a great way for sites to drop trojans, or place other malware at a known location so it can be activated through another vector.

I'd at least like to see a decent review of the security implications, with reference to known attacks along similar vectors (eg the use of content-disposition with email attachments), as part of the proposal.

--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
Received on Wednesday, 24 February 2010 18:11:00 UTC
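
As an added illustration of the user-agent side of the concern raised in the message above (not part of the original post, and not code from any browser): a sketch of how a user agent could treat the proposed `filename` parameter as untrusted input before suggesting it in a save dialog. The `filename` parameter is the hypothetical one from the quoted proposal, not part of the `data:` URI scheme; `parseDataUri`, `safeSuggestedName` and the `EXT_FOR_TYPE` allow-list are names and values made up for this example.

```javascript
// Added example: treat the *proposed* data: URI "filename" parameter as untrusted input.
const RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i; // Windows device names
// Constructed allow-list: which extensions a given media type may be saved under.
const EXT_FOR_TYPE = { "text/plain": [".txt"], "image/png": [".png"] };

// Split "data:<type>;<k=v>;...,<data>" into a media type and its parameters.
function parseDataUri(uri) {
  const m = /^data:([^,]*),/i.exec(uri);
  if (!m) throw new Error("not a data: URI");
  const [type, ...rest] = m[1].split(";");
  const params = Object.create(null);
  for (const p of rest) {
    const i = p.indexOf("=");
    if (i > 0) params[p.slice(0, i).toLowerCase()] = p.slice(i + 1); // skips ";base64"
  }
  return { type: (type || "text/plain").toLowerCase(), params };
}

// Return a name that is safe to *suggest* in a save dialog, or null to make the
// user agent fall back to its own default name.
function safeSuggestedName(uri) {
  const { type, params } = parseDataUri(uri);
  if (params.filename === undefined) return null;
  let name;
  try {
    name = decodeURIComponent(params.filename).normalize("NFC");
  } catch (e) {
    return null; // malformed percent-encoding
  }
  // The URI never chooses the directory: keep only the last path component.
  name = name.split(/[\\/]/).pop();
  // Reject control characters, bidi overrides (extension spoofing), and
  // characters that are special on common file systems.
  if (/[\u0000-\u001f\u007f\u202a-\u202e\u2066-\u2069<>:"|?*]/.test(name)) return null;
  // No hidden files, and no trailing dots or spaces (silently dropped on Windows).
  name = name.replace(/^[.\s]+|[.\s]+$/g, "");
  if (!name || name.length > 255 || RESERVED.test(name)) return null;
  // The final extension must agree with the declared media type.
  const dot = name.lastIndexOf(".");
  const ext = dot >= 0 ? name.slice(dot).toLowerCase() : "";
  const allowed = EXT_FOR_TYPE[type] || [];
  return allowed.includes(ext) ? name : null;
}
```

A `null` result means the suggested name is discarded entirely; the save location stays under the control of the user agent and the user in every case.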