source: draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html @ 996

Last change on this file since 996 was 996, checked in by julian.reschke@…, 9 years ago

update implementation notes

File size: 57.1 KB
Line 
1<!DOCTYPE html
2  PUBLIC "-//W3C//DTD HTML 4.01//EN">
3<html lang="en">
4   <head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
5      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
6      <title>Use of the Content-Disposition&nbsp;Header&nbsp;Field
7         in the Hypertext&nbsp;Transfer&nbsp;Protocol&nbsp;(HTTP)
8      </title><style type="text/css" title="Xml2Rfc (sans serif)">
9a {
10  text-decoration: none;
11}
12a.smpl {
13  color: black;
14}
15a:hover {
16  text-decoration: underline;
17}
18a:active {
19  text-decoration: underline;
20}
21address {
22  margin-top: 1em;
23  margin-left: 2em;
24  font-style: normal;
25}
26blockquote {
27  border-style: solid;
28  border-color: gray;
29  border-width: 0 0 0 .25em;
30  font-style: italic;
31  padding-left: 0.5em;
32}
33body {
34  color: black;
35  font-family: verdana, helvetica, arial, sans-serif;
36  font-size: 10pt;
37}
38cite {
39  font-style: normal;
40}
41dd {
42  margin-right: 2em;
43}
44dl {
45  margin-left: 2em;
46}
47
48ul.empty {
49  list-style-type: none;
50}
51ul.empty li {
52  margin-top: .5em;
53}
54dl p {
55  margin-left: 0em;
56}
57dt {
58  margin-top: .5em;
59}
60h1 {
61  font-size: 14pt;
62  line-height: 21pt;
63  page-break-after: avoid;
64}
65h1.np {
66  page-break-before: always;
67}
68h1 a {
69  color: #333333;
70}
71h2 {
72  font-size: 12pt;
73  line-height: 15pt;
74  page-break-after: avoid;
75}
76h3, h4, h5, h6 {
77  font-size: 10pt;
78  page-break-after: avoid;
79}
80h2 a, h3 a, h4 a, h5 a, h6 a {
81  color: black;
82}
83img {
84  margin-left: 3em;
85}
86li {
87  margin-left: 2em;
88  margin-right: 2em;
89}
90ol {
91  margin-left: 2em;
92  margin-right: 2em;
93}
94ol p {
95  margin-left: 0em;
96}
97p {
98  margin-left: 2em;
99  margin-right: 2em;
100}
101pre {
102  margin-left: 3em;
103  background-color: lightyellow;
104  padding: .25em;
105}
106pre.text2 {
107  border-style: dotted;
108  border-width: 1px;
109  background-color: #f0f0f0;
110  width: 69em;
111}
112pre.inline {
113  background-color: white;
114  padding: 0em;
115}
116pre.text {
117  border-style: dotted;
118  border-width: 1px;
119  background-color: #f8f8f8;
120  width: 69em;
121}
122pre.drawing {
123  border-style: solid;
124  border-width: 1px;
125  background-color: #f8f8f8;
126  padding: 2em;
127}
128table {
129  margin-left: 2em;
130}
131table.tt {
132  vertical-align: top;
133}
134table.full {
135  border-style: outset;
136  border-width: 1px;
137}
138table.headers {
139  border-style: outset;
140  border-width: 1px;
141}
142table.tt td {
143  vertical-align: top;
144}
145table.full td {
146  border-style: inset;
147  border-width: 1px;
148}
149table.tt th {
150  vertical-align: top;
151}
152table.full th {
153  border-style: inset;
154  border-width: 1px;
155}
156table.headers th {
157  border-style: none none inset none;
158  border-width: 1px;
159}
160table.left {
161  margin-right: auto;
162}
163table.right {
164  margin-left: auto;
165}
166table.center {
167  margin-left: auto;
168  margin-right: auto;
169}
170caption {
171  caption-side: bottom;
172  font-weight: bold;
173  font-size: 9pt;
174  margin-top: .5em;
175}
176
177table.header {
178  border-spacing: 1px;
179  width: 95%;
180  font-size: 10pt;
181  color: white;
182}
183td.top {
184  vertical-align: top;
185}
186td.topnowrap {
187  vertical-align: top;
188  white-space: nowrap; 
189}
190table.header td {
191  background-color: gray;
192  width: 50%;
193}
194table.header a {
195  color: white;
196}
197td.reference {
198  vertical-align: top;
199  white-space: nowrap;
200  padding-right: 1em;
201}
202thead {
203  display:table-header-group;
204}
205ul.toc {
206  list-style: none;
207  margin-left: 1.5em;
208  margin-right: 0em;
209  padding-left: 0em;
210}
211li.tocline0 {
212  line-height: 150%;
213  font-weight: bold;
214  font-size: 10pt;
215  margin-left: 0em;
216  margin-right: 0em;
217}
218li.tocline1 {
219  line-height: normal;
220  font-weight: normal;
221  font-size: 9pt;
222  margin-left: 0em;
223  margin-right: 0em;
224}
225li.tocline2 {
226  font-size: 0pt;
227}
228ul p {
229  margin-left: 0em;
230}
231ul.ind {
232  list-style: none;
233  margin-left: 1.5em;
234  margin-right: 0em;
235  padding-left: 0em;
236  page-break-before: avoid;
237}
238li.indline0 {
239  font-weight: bold;
240  line-height: 200%;
241  margin-left: 0em;
242  margin-right: 0em;
243}
244li.indline1 {
245  font-weight: normal;
246  line-height: 150%;
247  margin-left: 0em;
248  margin-right: 0em;
249}
250.avoidbreak {
251  page-break-inside: avoid;
252}
253.bcp14 {
254  font-style: normal;
255  text-transform: lowercase;
256  font-variant: small-caps;
257}
258blockquote > * .bcp14 {
259  font-style: italic;
260}
261.comment {
262  background-color: yellow;
263}
264.center {
265  text-align: center;
266}
267.error {
268  color: red;
269  font-style: italic;
270  font-weight: bold;
271}
272.figure {
273  font-weight: bold;
274  text-align: center;
275  font-size: 9pt;
276}
277.filename {
278  color: #333333;
279  font-weight: bold;
280  font-size: 12pt;
281  line-height: 21pt;
282  text-align: center;
283}
284.fn {
285  font-weight: bold;
286}
287.hidden {
288  display: none;
289}
290.left {
291  text-align: left;
292}
293.right {
294  text-align: right;
295}
296.title {
297  color: #990000;
298  font-size: 18pt;
299  line-height: 18pt;
300  font-weight: bold;
301  text-align: center;
302  margin-top: 36pt;
303}
304.vcardline {
305  display: block;
306}
307.warning {
308  font-size: 14pt;
309  background-color: yellow;
310}
311
312
313@media print {
314  .noprint {
315    display: none;
316  }
317 
318  a {
319    color: black;
320    text-decoration: none;
321  }
322
323  table.header {
324    width: 90%;
325  }
326
327  td.header {
328    width: 50%;
329    color: black;
330    background-color: white;
331    vertical-align: top;
332    font-size: 12pt;
333  }
334
335  ul.toc a::after {
336    content: leader('.') target-counter(attr(href), page);
337  }
338 
339  a.iref {
340    content: target-counter(attr(href), page);
341  }
342 
343  .print2col {
344    column-count: 2;
345    -moz-column-count: 2;
346    column-fill: auto;
347  }
348}
349
350@page {
351  @top-left {
352       content: "Internet-Draft"; 
353  } 
354  @top-right {
355       content: "September 2010"; 
356  } 
357  @top-center {
358       content: "Content-Disposition in HTTP"; 
359  } 
360  @bottom-left {
361       content: "Reschke"; 
362  } 
363  @bottom-center {
364       content: "Standards Track"; 
365  } 
366  @bottom-right {
367       content: "[Page " counter(page) "]"; 
368  } 
369}
370
371@page:first { 
372    @top-left {
373      content: normal;
374    }
375    @top-right {
376      content: normal;
377    }
378    @top-center {
379      content: normal;
380    }
381}
382</style><link rel="Contents" href="#rfc.toc">
383      <link rel="Author" href="#rfc.authors">
384      <link rel="Copyright" href="#rfc.copyrightnotice">
385      <link rel="Index" href="#rfc.index">
386      <link rel="Chapter" title="1 Introduction" href="#rfc.section.1">
387      <link rel="Chapter" title="2 Notational Conventions" href="#rfc.section.2">
388      <link rel="Chapter" title="3 Header Field Definition" href="#rfc.section.3">
389      <link rel="Chapter" title="4 Examples" href="#rfc.section.4">
390      <link rel="Chapter" title="5 Internationalization Considerations" href="#rfc.section.5">
391      <link rel="Chapter" title="6 Security Considerations" href="#rfc.section.6">
392      <link rel="Chapter" title="7 IANA Considerations" href="#rfc.section.7">
393      <link rel="Chapter" title="8 Acknowledgements" href="#rfc.section.8">
394      <link rel="Chapter" href="#rfc.section.9" title="9 References">
395      <link rel="Appendix" title="A Changes from the RFC 2616 Definition" href="#rfc.section.A">
396      <link rel="Appendix" title="B Differences compared to RFC 2183" href="#rfc.section.B">
397      <link rel="Appendix" title="C Alternative Approaches to Internationalization" href="#rfc.section.C">
398      <link rel="Appendix" title="D Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.D">
399      <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.522, 2010-08-31 15:02:33, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
400      <link rel="schema.dct" href="http://purl.org/dc/terms/">
401      <meta name="dct.creator" content="Reschke, J. F.">
402      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-content-disp-latest">
403      <meta name="dct.issued" scheme="ISO8601" content="2010-09-10">
404      <meta name="dct.abstract" content="HTTP/1.1 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
405      <meta name="description" content="HTTP/1.1 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
406   </head>
407   <body>
408      <table class="header">
409         <tbody>
410            <tr>
411               <td class="left">HTTPbis Working Group</td>
412               <td class="right">J. Reschke</td>
413            </tr>
414            <tr>
415               <td class="left">Internet-Draft</td>
416               <td class="right">greenbytes</td>
417            </tr>
418            <tr>
419               <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved)
420               </td>
421               <td class="right">September 10, 2010</td>
422            </tr>
423            <tr>
424               <td class="left">Intended status: Standards Track</td>
425               <td class="right"></td>
426            </tr>
427            <tr>
428               <td class="left">Expires: March 14, 2011</td>
429               <td class="right"></td>
430            </tr>
431         </tbody>
432      </table>
433      <p class="title">Use of the Content-Disposition&nbsp;Header&nbsp;Field in the Hypertext&nbsp;Transfer&nbsp;Protocol&nbsp;(HTTP)<br><span class="filename">draft-ietf-httpbis-content-disp-latest</span></p>
434      <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1> 
435      <p>HTTP/1.1 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard.
436         This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization
437         aspects.
438      </p> 
439      <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor before publication)</a></h1> 
440      <p>This specification is expected to replace the definition of Content-Disposition in the HTTP/1.1 specification, as currently
441         revised by the IETF HTTPbis working group. See also &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/123">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/123</a>&gt;.
442      </p> 
443      <p>Discussion of this draft should take place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org). The current issues
444         list is at &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/query?component=content-disp">http://trac.tools.ietf.org/wg/httpbis/trac/query?component=content-disp</a>&gt; and related documents (including fancy diffs) can be found at &lt;<a href="http://tools.ietf.org/wg/httpbis/">http://tools.ietf.org/wg/httpbis/</a>&gt;.
445      </p> 
446      <p>The changes in this draft are summarized in <a href="#changes.since.00" title="Since draft-ietf-httpbis-content-disp-00">Appendix&nbsp;D.5</a>.
447      </p> 
448      <h1><a id="rfc.status" href="#rfc.status">Status of This Memo</a></h1>
449      <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
450      <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute
451         working documents as Internet-Drafts. The list of current Internet-Drafts is at <a href="http://datatracker.ietf.org/drafts/current/">http://datatracker.ietf.org/drafts/current/</a>.
452      </p>
453      <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other
454         documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work
455         in progress”.
456      </p>
457      <p>This Internet-Draft will expire on March 14, 2011.</p>
458      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
459      <p>Copyright © 2010 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
460      <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights
461         and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License
462         text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified
463         BSD License.
464      </p>
465      <hr class="noprint">
466      <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
467      <ul class="toc">
468         <li class="tocline0">1.&nbsp;&nbsp;&nbsp;<a href="#introduction">Introduction</a></li>
469         <li class="tocline0">2.&nbsp;&nbsp;&nbsp;<a href="#rfc.section.2">Notational Conventions</a></li>
470         <li class="tocline0">3.&nbsp;&nbsp;&nbsp;<a href="#header.field.definition">Header Field Definition</a><ul class="toc">
471               <li class="tocline1">3.1&nbsp;&nbsp;&nbsp;<a href="#rfc.section.3.1">Grammar</a></li>
472               <li class="tocline1">3.2&nbsp;&nbsp;&nbsp;<a href="#disposition.type">Disposition Type</a></li>
473               <li class="tocline1">3.3&nbsp;&nbsp;&nbsp;<a href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></li>
474               <li class="tocline1">3.4&nbsp;&nbsp;&nbsp;<a href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></li>
475               <li class="tocline1">3.5&nbsp;&nbsp;&nbsp;<a href="#extensibility">Extensibility</a></li>
476            </ul>
477         </li>
478         <li class="tocline0">4.&nbsp;&nbsp;&nbsp;<a href="#rfc.section.4">Examples</a></li>
479         <li class="tocline0">5.&nbsp;&nbsp;&nbsp;<a href="#i18n">Internationalization Considerations</a></li>
480         <li class="tocline0">6.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a></li>
481         <li class="tocline0">7.&nbsp;&nbsp;&nbsp;<a href="#iana.considerations">IANA Considerations</a><ul class="toc">
482               <li class="tocline1">7.1&nbsp;&nbsp;&nbsp;<a href="#registry">Registry for Disposition Values and Parameter</a></li>
483               <li class="tocline1">7.2&nbsp;&nbsp;&nbsp;<a href="#header.field.registration">Header Field Registration</a></li>
484            </ul>
485         </li>
486         <li class="tocline0">8.&nbsp;&nbsp;&nbsp;<a href="#rfc.section.8">Acknowledgements</a></li>
487         <li class="tocline0">9.&nbsp;&nbsp;&nbsp;<a href="#rfc.references">References</a><ul class="toc">
488               <li class="tocline1">9.1&nbsp;&nbsp;&nbsp;<a href="#rfc.references.1">Normative References</a></li>
489               <li class="tocline1">9.2&nbsp;&nbsp;&nbsp;<a href="#rfc.references.2">Informative References</a></li>
490            </ul>
491         </li>
492         <li class="tocline0"><a href="#rfc.authors">Author's Address</a></li>
493         <li class="tocline0">A.&nbsp;&nbsp;&nbsp;<a href="#changes.from.rfc2616">Changes from the RFC 2616 Definition</a></li>
494         <li class="tocline0">B.&nbsp;&nbsp;&nbsp;<a href="#diffs.compared.to.rfc2183">Differences compared to RFC 2183</a></li>
495         <li class="tocline0">C.&nbsp;&nbsp;&nbsp;<a href="#alternatives">Alternative Approaches to Internationalization</a><ul class="toc">
496               <li class="tocline1">C.1&nbsp;&nbsp;&nbsp;<a href="#alternatives.rfc2047">RFC 2047 Encoding</a></li>
497               <li class="tocline1">C.2&nbsp;&nbsp;&nbsp;<a href="#alternatives.percent">Percent Encoding</a></li>
498               <li class="tocline1">C.3&nbsp;&nbsp;&nbsp;<a href="#alternatives.sniff">Encoding Sniffing</a></li>
499               <li class="tocline1">C.4&nbsp;&nbsp;&nbsp;<a href="#alternatives.implementations">Implementations</a></li>
500            </ul>
501         </li>
502         <li class="tocline0">D.&nbsp;&nbsp;&nbsp;<a href="#change.log">Change Log (to be removed by RFC Editor before publication)</a><ul class="toc">
503               <li class="tocline1">D.1&nbsp;&nbsp;&nbsp;<a href="#rfc.section.D.1">Since draft-reschke-rfc2183-in-http-00</a></li>
504               <li class="tocline1">D.2&nbsp;&nbsp;&nbsp;<a href="#rfc.section.D.2">Since draft-reschke-rfc2183-in-http-01</a></li>
505               <li class="tocline1">D.3&nbsp;&nbsp;&nbsp;<a href="#rfc.section.D.3">Since draft-reschke-rfc2183-in-http-02</a></li>
506               <li class="tocline1">D.4&nbsp;&nbsp;&nbsp;<a href="#rfc.section.D.4">Since draft-reschke-rfc2183-in-http-03</a></li>
507               <li class="tocline1">D.5&nbsp;&nbsp;&nbsp;<a href="#changes.since.00">Since draft-ietf-httpbis-content-disp-00</a></li>
508            </ul>
509         </li>
510         <li class="tocline0"><a href="#rfc.index">Index</a></li>
511      </ul>
512      <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a>&nbsp;<a id="introduction" href="#introduction">Introduction</a></h1>
513      <p id="rfc.section.1.p.1">HTTP/1.1 defines the Content-Disposition response header field in <a href="http://tools.ietf.org/html/rfc2616#section-19.5.1">Section 19.5.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, but points out that it is not part of the HTTP/1.1 Standard (<a href="http://tools.ietf.org/html/rfc2616#section-15.5" id="rfc.xref.RFC2616.2">Section 15.5</a>):
514      </p>
515      <blockquote id="rfc.section.1.p.2" cite="http://tools.ietf.org/html/rfc2616#section-15.5"> 
516         <p>Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks
517            for implementers.
518         </p> 
519      </blockquote>
520      <p id="rfc.section.1.p.3">This specification takes over the definition and registration of Content-Disposition, as used in HTTP. Based on interoperability
521         testing with existing User Agents, it fully defines a profile of the features defined in the Multipurpose Internet Mail Extensions
522         (MIME) variant (<a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>) of the header field, and also clarifies internationalization aspects.
523      </p>
524      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;Notational Conventions
525      </h1>
526      <p id="rfc.section.2.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
527         in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
528      </p>
529      <p id="rfc.section.2.p.2">This specification uses the augmented BNF notation defined in <a href="http://tools.ietf.org/html/rfc2616#section-2.1">Section 2.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, including its rules for linear whitespace (LWS).
530      </p>
531      <div id="rfc.iref.h.1"></div>
532      <div id="rfc.iref.c.1"></div>
533      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="header.field.definition" href="#header.field.definition">Header Field Definition</a></h1>
534      <p id="rfc.section.3.p.1">The Content-Disposition response header field is used to convey additional information about how to process the response payload,
535         and also can be used to attach additional metadata, such as the filename.
536      </p>
537      <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;Grammar
538      </h2>
539      <div id="rfc.figure.u.1"></div><pre class="inline">  content-disposition = "Content-Disposition" ":"
540                         disposition-type *( ";" disposition-parm )
541
542  disposition-type    = "inline" | "attachment" | disp-ext-type
543                      ; case-insensitive
544  disp-ext-type       = token
545
546  disposition-parm    = filename-parm | disp-ext-parm
547
548  filename-parm       = "filename" "=" value
549                      | "filename*" "=" ext-value
550 
551  disp-ext-parm       = token "=" value
552                      | ext-token "=" ext-value
553  ext-token           = &lt;the characters in token, followed by "*"&gt;
554</pre><div id="rfc.figure.u.2"></div> 
555      <p>Defined in <a href="#RFC2616" id="rfc.xref.RFC2616.4"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>:
556      </p>  <pre class="inline">  token       = &lt;token, defined in <a href="#RFC2616" id="rfc.xref.RFC2616.5"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-2.2">Section 2.2</a>&gt;
557  value       = &lt;value, defined in <a href="#RFC2616" id="rfc.xref.RFC2616.6"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-3.6">Section 3.6</a>&gt;
558</pre><div id="rfc.figure.u.3"></div> 
559      <p>Defined in <a href="#RFC5987" id="rfc.xref.RFC5987.1"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>:
560      </p>  <pre class="inline">  ext-value   = &lt;ext-value, defined in <a href="#RFC5987" id="rfc.xref.RFC5987.2"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>, <a href="http://tools.ietf.org/html/rfc5987#section-3.2">Section 3.2</a>&gt;
561</pre><h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="disposition.type" href="#disposition.type">Disposition Type</a></h2>
562      <p id="rfc.section.3.2.p.1">If the disposition type matches "attachment" (case-insensitively), this indicates that the user agent should not display the
563         response, but directly enter a "save as..." dialog.
564      </p>
565      <p id="rfc.section.3.2.p.2">On the other hand, if it matches "inline" (case-insensitively), this implies default processing.</p>
566      <p id="rfc.section.3.2.p.3">Unknown or unhandled disposition types <em class="bcp14">SHOULD</em> be handled the same way as "attachment" (see also <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>).
567      </p>
568      <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;<a id="disposition.parameter.filename" href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></h2>
569      <p id="rfc.section.3.3.p.1">The parameters "filename" and "filename*", to be matched case-insensitively, provide information on how to construct a filename
570         for storing the message payload.
571      </p>
572      <p id="rfc.section.3.3.p.2">Depending on the disposition type, this information might be used right away (in the "save as..." interaction caused for the
573         "attachment" disposition type), or later on (for instance, when the user decides to save the contents of the current page
574         being displayed).
575      </p>
576      <p id="rfc.section.3.3.p.3">"filename" and "filename*" behave the same, except that "filename*" uses the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.3"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>, allowing the use of characters not present in the ISO-8859-1 character set (<a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a>). When both "filename" and "filename*" are present, a recipient <em class="bcp14">SHOULD</em> pick "filename*" and ignore "filename" - this will make it possible to send the same header value to clients that do not support
577         "filename*".
578      </p>
579      <p id="rfc.section.3.3.p.4">It is essential that user agents treat the specified filename as advisory only, thus be very careful in extracting the desired
580         information. In particular:
581      </p>
582      <ul>
583         <li>
584            <p>When the value contains path separator characters, all but the last segment <em class="bcp14">SHOULD</em> be ignored. This prevents unintentional overwriting of well-known file system location (such as "/etc/passwd").
585            </p>
586         </li>
587         <li>
588            <p>Many platforms do not use Internet Media Types (<a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>) to hold type information in the file system, but rely on filename extensions instead. Trusting the server-provided file
589               extension could introduce a privilege escalation when later on the file is opened locally (consider ".exe"). Thus, recipients
590               need to ensure that a file extension is used that is safe, optimally matching the media type of the received payload.
591            </p>
592         </li>
593         <li>
594            <p>Other aspects recipients need to be aware of are names that have a special meaning in the filesystem or in shell commands,
595               such as "." and "..", "~", "|", and also device names.
596            </p>
597         </li>
598      </ul>
599      <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a>&nbsp;<a id="disposition.parameter.extensions" href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></h2>
600      <p id="rfc.section.3.4.p.1">To enable future extensions, unknown parameters <em class="bcp14">SHOULD</em> be ignored (see also <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>).
601      </p>
602      <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a>&nbsp;<a id="extensibility" href="#extensibility">Extensibility</a></h2>
603      <p id="rfc.section.3.5.p.1">Note that <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.4"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> defines IANA registries both for disposition types and disposition parameters. This registry is shared by different protocols
604         using Content-Disposition, such as MIME and HTTP. Therefore, not all registered values may make sense in the context of HTTP.
605      </p>
606      <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;Examples
607      </h1>
608      <div id="rfc.figure.u.4"></div> 
609      <p>Direct UA to show "save as" dialog, with a filename of "foo.html":</p>  <pre class="text">Content-Disposition: Attachment; filename=foo.html
610</pre><div id="rfc.figure.u.5"></div> 
611      <p>Direct UA to behave as if the Content-Disposition header field wasn't present, but to remember the filename "foo.html" for
612         a subsequent save operation:
613      </p>  <pre class="text">Content-Disposition: INLINE; FILENAME= "foo.html"
614</pre><div id="rfc.figure.u.6"></div> 
615      <p>Direct UA to show "save as" dialog, with a filename of "an example":</p>  <pre class="text">Content-Disposition: Attachment; Filename*=UTF-8'<b>en</b>'an<b>%20</b>example
616</pre>  <p>Note that this example uses the extended encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.4"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a> to specify that the natural language of the filename is English, and also to encode the space character which is not allowed
617         in the token production.
618      </p> 
619      <div id="rfc.figure.u.7"></div> 
620      <p>Direct UA to show "save as" dialog, with a filename containing the Unicode character U+20AC (EURO SIGN):</p>  <pre class="text">Content-Disposition: attachment; filename*= UTF-8''<b>%e2%82%ac</b>%20rates
621</pre>  <p>Here, the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.5"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a> is also used to encode the non-ISO-8859-1 character.
622      </p> 
623      <div id="rfc.figure.u.8"></div> 
624      <p>Same as above, but adding the "filename" parameter for compatibility with user agents not implementing RFC 5987:</p>  <pre class="text">Content-Disposition: attachment; filename="EURO rates";
625                                 filename*=utf-8''<b>%e2%82%ac</b>%20rates
626</pre>  <p>Note: as of September 2010, those user agents that do not support the RFC 5987 encoding ignore "filename*" when it occurs
627         after "filename". Unfortunately, some user agents that do support RFC 5987 do pick the "filename" rather than the "filename*"
628         parameter when it occurs first; it is expected that this situation is going to improve soon.
629      </p> 
630      <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="i18n" href="#i18n">Internationalization Considerations</a></h1>
631      <p id="rfc.section.5.p.1">The "filename*" parameter (<a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section&nbsp;3.3</a>), using the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.6"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>, allows the server to transmit characters outside the ISO-8859-1 character set, and also to optionally specify the language
632         in use.
633      </p>
634      <p id="rfc.section.5.p.2">Future parameters might also require internationalization, in which case the same encoding can be used.</p>
635      <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
636      <p id="rfc.section.6.p.1">Using server-supplied information for constructing local filenames introduces many risks. These are summarized in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section&nbsp;3.3</a>.
637      </p>
638      <p id="rfc.section.6.p.2">Furthermore, implementers also ought to be aware of the Security Considerations applying to HTTP (see <a href="http://tools.ietf.org/html/rfc2616#section-15">Section 15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.7"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), and also the parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.7"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a> (see <a href="http://tools.ietf.org/html/rfc5987#section-5" id="rfc.xref.RFC5987.8">Section 5</a>).
639      </p>
640      <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1>
641      <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a id="registry" href="#registry">Registry for Disposition Values and Parameter</a></h2>
642      <p id="rfc.section.7.1.p.1">This specification does not introduce any changes to the registration procedures for disposition values and parameters that
643         are defined in <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.5"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>.
644      </p>
645      <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a>&nbsp;<a id="header.field.registration" href="#header.field.registration">Header Field Registration</a></h2>
646      <p id="rfc.section.7.2.p.1">This document updates the definition of the Content-Disposition HTTP header field in the permanent HTTP header field registry
647         (see <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a>).
648      </p>
649      <p id="rfc.section.7.2.p.2"> </p>
650      <dl>
651         <dt>Header field name:</dt>
652         <dd>Content-Disposition</dd>
653         <dt>Applicable protocol:</dt>
654         <dd>http</dd>
655         <dt>Status:</dt>
656         <dd>standard</dd>
657         <dt>Author/Change controller:</dt>
658         <dd>IETF</dd>
659         <dt>Specification document:</dt>
660         <dd>this specification (<a href="#header.field.definition" id="rfc.xref.header.field.definition.1" title="Header Field Definition">Section&nbsp;3</a>)
661         </dd>
662      </dl>
663      <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;Acknowledgements
664      </h1>
665      <p id="rfc.section.8.p.1">Thanks to Rolf Eike Beer, Alfred Hoenes, Roar Lauritzsen, and Henrik Nordstrom for their valuable feedback.</p>
666      <h1 id="rfc.references"><a id="rfc.section.9" href="#rfc.section.9">9.</a> References
667      </h1>
668      <h2 id="rfc.references.1"><a href="#rfc.section.9.1" id="rfc.section.9.1">9.1</a> Normative References
669      </h2>
670      <table>       
671         <tr>
672            <td class="reference"><b id="ISO-8859-1">[ISO-8859-1]</b></td>
673            <td class="top">International Organization for Standardization, “Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1”, ISO/IEC&nbsp;8859-1:1998, 1998.</td>
674         </tr>
675         <tr>
676            <td class="reference"><b id="RFC2119">[RFC2119]</b></td>
677            <td class="top"><a href="mailto:sob@harvard.edu" title="Harvard University">Bradner, S.</a>, “<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>”, BCP&nbsp;14, RFC&nbsp;2119, March&nbsp;1997.
678            </td>
679         </tr>
680         <tr>
681            <td class="reference"><b id="RFC2616">[RFC2616]</b></td>
682            <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="W3C">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Compaq Computer Corporation">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Frystyk, H.</a>, <a href="mailto:masinter@parc.xerox.com" title="Xerox Corporation">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, and <a href="mailto:timbl@w3.org" title="W3C">T. Berners-Lee</a>, “<a href="http://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC&nbsp;2616, June&nbsp;1999.
683            </td>
684         </tr>
685         <tr>
686            <td class="reference"><b id="RFC5987">[RFC5987]</b></td>
687            <td class="top"><a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">Reschke, J.</a>, “<a href="http://tools.ietf.org/html/rfc5987">Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers</a>”, RFC&nbsp;5987, August&nbsp;2010.
688            </td>
689         </tr>
690      </table>
691      <h2 id="rfc.references.2"><a href="#rfc.section.9.2" id="rfc.section.9.2">9.2</a> Informative References
692      </h2>
693      <table>             
694         <tr>
695            <td class="reference"><b id="RFC2046">[RFC2046]</b></td>
696            <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="http://tools.ietf.org/html/rfc2046">Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types</a>”, RFC&nbsp;2046, November&nbsp;1996.
697            </td>
698         </tr>
699         <tr>
700            <td class="reference"><b id="RFC2047">[RFC2047]</b></td>
701            <td class="top"><a href="mailto:moore@cs.utk.edu" title="University of Tennessee">Moore, K.</a>, “<a href="http://tools.ietf.org/html/rfc2047">MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text</a>”, RFC&nbsp;2047, November&nbsp;1996.
702            </td>
703         </tr>
704         <tr>
705            <td class="reference"><b id="RFC2183">[RFC2183]</b></td>
706            <td class="top"><a href="mailto:rens@century.com" title="New Century Systems">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com" title="QUALCOMM Incorporated">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu" title="Department of Computer Science">K. Moore</a>, “<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>”, RFC&nbsp;2183, August&nbsp;1997.
707            </td>
708         </tr>
709         <tr>
710            <td class="reference"><b id="RFC2231">[RFC2231]</b></td>
711            <td class="top"><a href="mailto:ned.freed@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:moore@cs.utk.edu" title="University of Tennessee">K. Moore</a>, “<a href="http://tools.ietf.org/html/rfc2231">MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations</a>”, RFC&nbsp;2231, November&nbsp;1997.
712            </td>
713         </tr>
714         <tr>
715            <td class="reference"><b id="RFC3629">[RFC3629]</b></td>
716            <td class="top"><a href="mailto:fyergeau@alis.com" title="Alis Technologies">Yergeau, F.</a>, “<a href="http://tools.ietf.org/html/rfc3629">UTF-8, a transformation format of ISO 10646</a>”, RFC&nbsp;3629, STD&nbsp;63, November&nbsp;2003.
717            </td>
718         </tr>
719         <tr>
720            <td class="reference"><b id="RFC3864">[RFC3864]</b></td>
721            <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="http://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP&nbsp;90, RFC&nbsp;3864, September&nbsp;2004.
722            </td>
723         </tr>
724         <tr>
725            <td class="reference"><b id="RFC3986">[RFC3986]</b></td>
726            <td class="top"><a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems Incorporated">L. Masinter</a>, “<a href="http://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>”, RFC&nbsp;3986, STD&nbsp;66, January&nbsp;2005.
727            </td>
728         </tr>
729      </table>
730      <div class="avoidbreak">
731         <h1 id="rfc.authors"><a href="#rfc.authors">Author's Address</a></h1>
732         <address class="vcard"><span class="vcardline"><span class="fn">Julian F. Reschke</span><span class="n hidden"><span class="family-name">Reschke</span><span class="given-name">Julian F.</span></span></span><span class="org vcardline">greenbytes GmbH</span><span class="adr"><span class="street-address vcardline">Hafenweg 16</span><span class="vcardline"><span class="locality">Muenster</span>, <span class="region">NW</span>&nbsp;<span class="postal-code">48155</span></span><span class="country-name vcardline">Germany</span></span><span class="vcardline">Email: <a href="mailto:julian.reschke@greenbytes.de"><span class="email">julian.reschke@greenbytes.de</span></a></span><span class="vcardline">URI: <a href="http://greenbytes.de/tech/webdav/" class="url">http://greenbytes.de/tech/webdav/</a></span></address>
733      </div>
734      <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a>&nbsp;<a id="changes.from.rfc2616" href="#changes.from.rfc2616">Changes from the RFC 2616 Definition</a></h1>
735      <p id="rfc.section.A.p.1">Compared to <a href="http://tools.ietf.org/html/rfc2616#section-19.5.1">Section 19.5.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.8"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, the following normative changes reflecting actual implementations have been made:
736      </p>
737      <ul>
738         <li>According to RFC 2616, the disposition type "attachment" only applies to content of type "application/octet-stream". This
739            restriction has been removed, because user agents in practice do not check the content type, and it also discourages properly
740            declaring the media type.
741         </li>
742         <li>RFC 2616 only allows "quoted-string" for the filename parameter. This would be an exceptional parameter syntax, and also doesn't
743            reflect actual use.
744         </li>
745         <li>The definition for the disposition type "inline" (<a href="#RFC2183" id="rfc.xref.RFC2183.6"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.1">Section 2.1</a>) has been re-added with a suggestion for its processing.
746         </li>
747         <li>This specification requires support for the extended parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.9"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>.
748         </li>
749      </ul>
750      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="diffs.compared.to.rfc2183" href="#diffs.compared.to.rfc2183">Differences compared to RFC 2183</a></h1>
751      <p id="rfc.section.B.p.1"> <a href="http://tools.ietf.org/html/rfc2183#section-2">Section 2</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.7"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> defines several additional disposition parameters: "creation-date", "modification-date", "quoted-date-time", and "size". These
752         do not appear to be implemented by any user agent, thus have been omitted from this specification.
753      </p>
754      <h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="alternatives" href="#alternatives">Alternative Approaches to Internationalization</a></h1>
755      <p id="rfc.section.C.p.1">By default, HTTP header field parameters cannot carry characters outside the ISO-8859-1 (<a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.2"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a>) character encoding (see <a href="#RFC2616" id="rfc.xref.RFC2616.9"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-2.2">Section 2.2</a>). For the "filename" parameter, this of course is an unacceptable restriction.
756      </p>
757      <p id="rfc.section.C.p.2">Unfortunately, user agent implementers have not managed to come up with an interoperable approach, although the IETF Standards
758         Track specifies exactly one solution (<a href="#RFC2231" id="rfc.xref.RFC2231.1"><cite title="MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations">[RFC2231]</cite></a>, clarified and profiled for HTTP in <a href="#RFC5987" id="rfc.xref.RFC5987.10"><cite title="Applicability of RFC 2231 Encoding to Hypertext Transfer Protocol (HTTP) Headers">[RFC5987]</cite></a>).
759      </p>
760      <p id="rfc.section.C.p.3">For completeness, the sections below describe the various approaches that have been tried, and explains how they are inferior
761         to the RFC 5987 encoding used in this specification.
762      </p>
763      <h2 id="rfc.section.C.1"><a href="#rfc.section.C.1">C.1</a>&nbsp;<a id="alternatives.rfc2047" href="#alternatives.rfc2047">RFC 2047 Encoding</a></h2>
764      <p id="rfc.section.C.1.p.1">RFC 2047 defines an encoding mechanism for header fields, but this encoding is not supposed to be used for header field parameters
765         - see <a href="http://tools.ietf.org/html/rfc2047#section-5">Section 5</a> of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a>:
766      </p>
767      <blockquote id="rfc.section.C.1.p.2" cite="http://tools.ietf.org/html/rfc2047#section-5"> 
768         <p>An 'encoded-word' MUST NOT appear within a 'quoted-string'.</p> 
769         <p>...</p> 
770         <p>An 'encoded-word' MUST NOT be used in parameter of a MIME Content-Type or Content-Disposition field, or in any structured
771            field body except within a 'comment' or 'phrase'.
772         </p> 
773      </blockquote>
774      <p id="rfc.section.C.1.p.3">In practice, some user agents implement the encoding, some do not (exposing the encoded string to the user), and some get
775         confused by it.
776      </p>
777      <h2 id="rfc.section.C.2"><a href="#rfc.section.C.2">C.2</a>&nbsp;<a id="alternatives.percent" href="#alternatives.percent">Percent Encoding</a></h2>
778      <p id="rfc.section.C.2.p.1">Some user agents accept percent encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>) sequences of characters encoded using the UTF-8 (<a href="#RFC3629" id="rfc.xref.RFC3629.1"><cite title="UTF-8, a transformation format of ISO 10646">[RFC3629]</cite></a>) character encoding.
779      </p>
780      <p id="rfc.section.C.2.p.2">In practice, this is hard to use because those user agents that do not support it will display the escaped character sequence
781         to the user.
782      </p>
783      <p id="rfc.section.C.2.p.3">Furthermore, the first user agent to implement this did choose the encoding based on local settings; thus making it very hard
784         to use in multi-lingual environments.
785      </p>
786      <h2 id="rfc.section.C.3"><a href="#rfc.section.C.3">C.3</a>&nbsp;<a id="alternatives.sniff" href="#alternatives.sniff">Encoding Sniffing</a></h2>
787      <p id="rfc.section.C.3.p.1">Some user agents inspect the value (which defaults to ISO-8859-1) and switch to UTF-8 when it seems to be more likely to be
788         the correct interpretation.
789      </p>
790      <p id="rfc.section.C.3.p.2">As with the approaches above, this is not interoperable and furthermore risks misinterpreting the actual value.</p>
791      <h2 id="rfc.section.C.4"><a href="#rfc.section.C.4">C.4</a>&nbsp;<a id="alternatives.implementations" href="#alternatives.implementations">Implementations</a></h2>
792      <p id="rfc.section.C.4.p.1">Unfortunately, as of September 2010, neither the encoding defined in RFCs 2231 and 5789, nor any of the alternate approaches
793         discussed above was implemented interoperably. Thus, this specification recommends the approach defined in RFC 5987, which
794         at least has the advantage of actually being specified properly.
795      </p>
796      <p id="rfc.section.C.4.p.2">The table below shows the implementation support for the various approaches: <span class="comment" id="impls">[<a href="#impls" class="smpl">impls</a>: Discuss: should we mention the implementation status of actual UAs in a RFC? Up to the IESG to decide...]</span> 
797      </p>
798      <div id="rfc.table.u.1">
799         <table class="tt full left" cellpadding="3" cellspacing="0">
800            <thead>
801               <tr>
802                  <th>User Agent</th>
803                  <th>RFC 2231/5987</th>
804                  <th>RFC 2047</th>
805                  <th>Percent Encoding</th>
806                  <th>Encoding Sniffing</th>
807               </tr>
808            </thead>
809            <tbody>
810               <tr>
811                  <td class="left">Chrome</td>
812                  <td class="left">no</td>
813                  <td class="left">yes</td>
814                  <td class="left">yes</td>
815                  <td class="left">yes</td>
816               </tr>
817               <tr>
818                  <td class="left">Firefox</td>
819                  <td class="left">yes (*)</td>
820                  <td class="left">yes</td>
821                  <td class="left">no</td>
822                  <td class="left">yes</td>
823               </tr>
824               <tr>
825                  <td class="left">Internet Explorer</td>
826                  <td class="left">no</td>
827                  <td class="left">no</td>
828                  <td class="left">yes</td>
829                  <td class="left">no</td>
830               </tr>
831               <tr>
832                  <td class="left">Konqueror</td>
833                  <td class="left">yes</td>
834                  <td class="left">no</td>
835                  <td class="left">no</td>
836                  <td class="left">no</td>
837               </tr>
838               <tr>
839                  <td class="left">Opera</td>
840                  <td class="left">yes (*)</td>
841                  <td class="left">no</td>
842                  <td class="left">no</td>
843                  <td class="left">no</td>
844               </tr>
845               <tr>
846                  <td class="left">Safari</td>
847                  <td class="left">no</td>
848                  <td class="left">no</td>
849                  <td class="left">no</td>
850                  <td class="left">yes</td>
851               </tr>
852            </tbody>
853         </table>
854         <p>(*) Does not implement the fallback behavior to "filename" described in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section&nbsp;3.3</a>.
855         </p>
856      </div>
857      <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a>&nbsp;<a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1>
858      <h2 id="rfc.section.D.1"><a href="#rfc.section.D.1">D.1</a>&nbsp;Since draft-reschke-rfc2183-in-http-00
859      </h2>
860      <p id="rfc.section.D.1.p.1">Adjust terminology ("header" -&gt; "header field"). Update rfc2231-in-http reference.</p>
861      <h2 id="rfc.section.D.2"><a href="#rfc.section.D.2">D.2</a>&nbsp;Since draft-reschke-rfc2183-in-http-01
862      </h2>
863      <p id="rfc.section.D.2.p.1">Update rfc2231-in-http reference. Actually define the "filename" parameter. Add internationalization considerations. Add examples
864         using the RFC 5987 encoding. Add overview over other approaches, plus a table reporting implementation status. Add and resolve
865         issue "nodep2183". Add issues "asciivsiso", "deplboth", "quoted", and "registry".
866      </p>
867      <h2 id="rfc.section.D.3"><a href="#rfc.section.D.3">D.3</a>&nbsp;Since draft-reschke-rfc2183-in-http-02
868      </h2>
869      <p id="rfc.section.D.3.p.1">Add and close issue "docfallback". Close issues "asciivsiso", "deplboth", "quoted", and "registry".</p>
870      <h2 id="rfc.section.D.4"><a href="#rfc.section.D.4">D.4</a>&nbsp;Since draft-reschke-rfc2183-in-http-03
871      </h2>
872      <p id="rfc.section.D.4.p.1">Updated to be a Working Draft of the IETF HTTPbis Working Group.</p>
873      <h2 id="rfc.section.D.5"><a href="#rfc.section.D.5">D.5</a>&nbsp;<a id="changes.since.00" href="#changes.since.00">Since draft-ietf-httpbis-content-disp-00</a></h2>
874      <p id="rfc.section.D.5.p.1">Closed issues: </p>
875      <ul>
876         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/242">http://tools.ietf.org/wg/httpbis/trac/ticket/242</a>&gt;: "handling of unknown disposition types"
877         </li>
878      </ul>
879      <p id="rfc.section.D.5.p.2">Slightly updated the notes about the proposed fallback behavior.</p>
880      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
881      <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a> 
882      </p>
883      <div class="print2col">
884         <ul class="ind">
885            <li class="indline0"><a id="rfc.index.C" href="#rfc.index.C"><b>C</b></a><ul class="ind">
886                  <li class="indline1">Content-Disposition header&nbsp;&nbsp;<a class="iref" href="#rfc.iref.c.1"><b>3</b></a>, <a class="iref" href="#rfc.xref.header.field.definition.1">7.2</a></li>
887               </ul>
888            </li>
889            <li class="indline0"><a id="rfc.index.H" href="#rfc.index.H"><b>H</b></a><ul class="ind">
890                  <li class="indline1">Headers&nbsp;&nbsp;
891                     <ul class="ind">
892                        <li class="indline1">Content-Disposition&nbsp;&nbsp;<a class="iref" href="#rfc.iref.h.1"><b>3</b></a>, <a class="iref" href="#rfc.xref.header.field.definition.1">7.2</a></li>
893                     </ul>
894                  </li>
895               </ul>
896            </li>
897            <li class="indline0"><a id="rfc.index.I" href="#rfc.index.I"><b>I</b></a><ul class="ind">
898                  <li class="indline1"><em>ISO-8859-1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.ISO-8859-1.1">3.3</a>, <a class="iref" href="#ISO-8859-1"><b>9.1</b></a>, <a class="iref" href="#rfc.xref.ISO-8859-1.2">C</a></li>
899               </ul>
900            </li>
901            <li class="indline0"><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul class="ind">
902                  <li class="indline1"><em>RFC2046</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2046.1">3.3</a>, <a class="iref" href="#RFC2046"><b>9.2</b></a></li>
903                  <li class="indline1"><em>RFC2047</em>&nbsp;&nbsp;<a class="iref" href="#RFC2047"><b>9.2</b></a>, <a class="iref" href="#rfc.xref.RFC2047.1">C.1</a><ul class="ind">
904                        <li class="indline1"><em>Section 5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2047.1">C.1</a></li>
905                     </ul>
906                  </li>
907                  <li class="indline1"><em>RFC2119</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2119.1">2</a>, <a class="iref" href="#RFC2119"><b>9.1</b></a></li>
908                  <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">1</a>, <a class="iref" href="#rfc.xref.RFC2183.2">3.2</a>, <a class="iref" href="#rfc.xref.RFC2183.3">3.4</a>, <a class="iref" href="#rfc.xref.RFC2183.4">3.5</a>, <a class="iref" href="#rfc.xref.RFC2183.5">7.1</a>, <a class="iref" href="#RFC2183"><b>9.2</b></a>, <a class="iref" href="#rfc.xref.RFC2183.6">A</a>, <a class="iref" href="#rfc.xref.RFC2183.7">B</a><ul class="ind">
909                        <li class="indline1"><em>Section 2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.7">B</a></li>
910                        <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.6">A</a></li>
911                        <li class="indline1"><em>Section 2.8</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.2">3.2</a>, <a class="iref" href="#rfc.xref.RFC2183.3">3.4</a></li>
912                        <li class="indline1"><em>Section 9</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.4">3.5</a>, <a class="iref" href="#rfc.xref.RFC2183.5">7.1</a></li>
913                     </ul>
914                  </li>
915                  <li class="indline1"><em>RFC2231</em>&nbsp;&nbsp;<a class="iref" href="#RFC2231"><b>9.2</b></a>, <a class="iref" href="#rfc.xref.RFC2231.1">C</a></li>
916                  <li class="indline1"><em>RFC2616</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.1">1</a>, <a class="iref" href="#rfc.xref.RFC2616.2">1</a>, <a class="iref" href="#rfc.xref.RFC2616.3">2</a>, <a class="iref" href="#rfc.xref.RFC2616.4">3.1</a>, <a class="iref" href="#rfc.xref.RFC2616.5">3.1</a>, <a class="iref" href="#rfc.xref.RFC2616.6">3.1</a>, <a class="iref" href="#rfc.xref.RFC2616.7">6</a>, <a class="iref" href="#RFC2616"><b>9.1</b></a>, <a class="iref" href="#rfc.xref.RFC2616.8">A</a>, <a class="iref" href="#rfc.xref.RFC2616.9">C</a><ul class="ind">
917                        <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.3">2</a></li>
918                        <li class="indline1"><em>Section 2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.5">3.1</a>, <a class="iref" href="#rfc.xref.RFC2616.9">C</a></li>
919                        <li class="indline1"><em>Section 3.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.6">3.1</a></li>
920                        <li class="indline1"><em>Section 15.5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.2">1</a></li>
921                        <li class="indline1"><em>Section 15</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.7">6</a></li>
922                        <li class="indline1"><em>Section 19.5.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.1">1</a>, <a class="iref" href="#rfc.xref.RFC2616.8">A</a></li>
923                     </ul>
924                  </li>
925                  <li class="indline1"><em>RFC3629</em>&nbsp;&nbsp;<a class="iref" href="#RFC3629"><b>9.2</b></a>, <a class="iref" href="#rfc.xref.RFC3629.1">C.2</a></li>
926                  <li class="indline1"><em>RFC3864</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3864.1">7.2</a>, <a class="iref" href="#RFC3864"><b>9.2</b></a></li>
927                  <li class="indline1"><em>RFC3986</em>&nbsp;&nbsp;<a class="iref" href="#RFC3986"><b>9.2</b></a>, <a class="iref" href="#rfc.xref.RFC3986.1">C.2</a><ul class="ind">
928                        <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC3986.1">C.2</a></li>
929                     </ul>
930                  </li>
931                  <li class="indline1"><em>RFC5987</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC5987.1">3.1</a>, <a class="iref" href="#rfc.xref.RFC5987.2">3.1</a>, <a class="iref" href="#rfc.xref.RFC5987.3">3.3</a>, <a class="iref" href="#rfc.xref.RFC5987.4">4</a>, <a class="iref" href="#rfc.xref.RFC5987.5">4</a>, <a class="iref" href="#rfc.xref.RFC5987.6">5</a>, <a class="iref" href="#rfc.xref.RFC5987.7">6</a>, <a class="iref" href="#rfc.xref.RFC5987.8">6</a>, <a class="iref" href="#RFC5987"><b>9.1</b></a>, <a class="iref" href="#rfc.xref.RFC5987.9">A</a>, <a class="iref" href="#rfc.xref.RFC5987.10">C</a><ul class="ind">
932                        <li class="indline1"><em>Section 3.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC5987.2">3.1</a></li>
933                        <li class="indline1"><em>Section 5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC5987.8">6</a></li>
934                     </ul>
935                  </li>
936               </ul>
937            </li>
938         </ul>
939      </div>
940   </body>
941</html>
Note: See TracBrowser for help on using the repository browser.