On 4/30/11 2:24 PM, Michal Zalewski wrote:
> Note that somewhat counterintuitively, there would be some security
> concerns with markup-level content disposition controls (or any JS
> equivalent). For example, consider evil.com doing this:
>
> <a href='http://example.com/user_content/harmless_text_file.txt'
> disposition='attachment; filename="Important_Security_Update.exe"'>

At least in the case of Firefox for that particular case on Windows the filename will be sanitized...

But yes, there are other situations where things could be more problematic.

-Boris
