On Fri, Dec 30, 2005 at 02:28:48PM -0500, Martin Cracauer wrote: > The content-disposition header is a standard web feature that we have > no good reason to ignore (as long as we don't turn it on unless > directly user-requested). We are just advancing with web technology, > which partly moves from explicit naming in URLs to simpler (for them) > schemes. There is easy way to make most security hackarounds unneeded in the way like every browser does: confirm final file name interactively. I.e. fetch can do something like this: Save as filename.exe (Y/N)? -- http://ache.pp.ru/Received on Sat Dec 31 2005 - 07:55:07 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:50 UTC