Ignore:
Timestamp:
06/03/11 11:01:07 (11 years ago)
Author:
julian.reschke@…
Message:

use RFC2119 keywords when discussing handling the filename parameter (see #278)

Location:
draft-ietf-httpbis-content-disp/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html

    r1145 r1152  
    371371  }
    372372  @bottom-center {
    373        content: "Expires September 2, 2011";
     373       content: "Expires September 7, 2011";
    374374  }
    375375  @bottom-right {
     
    412412      <meta name="dct.creator" content="Reschke, J. F.">
    413413      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-content-disp-latest">
    414       <meta name="dct.issued" scheme="ISO8601" content="2011-03-01">
     414      <meta name="dct.issued" scheme="ISO8601" content="2011-03-06">
    415415      <meta name="dct.abstract" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
    416416      <meta name="description" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
     
    430430               <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved)
    431431               </td>
    432                <td class="right">March 1, 2011</td>
     432               <td class="right">March 6, 2011</td>
    433433            </tr>
    434434            <tr>
     
    437437            </tr>
    438438            <tr>
    439                <td class="left">Expires: September 2, 2011</td>
     439               <td class="left">Expires: September 7, 2011</td>
    440440               <td class="right"></td>
    441441            </tr>
     
    466466         in progress”.
    467467      </p>
    468       <p>This Internet-Draft will expire on September 2, 2011.</p>
     468      <p>This Internet-Draft will expire on September 7, 2011.</p>
    469469      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    470470      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    638638         <li>
    639639            <p>Many platforms do not use Internet Media Types (<a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>) to hold type information in the file system, but rely on filename extensions instead. Trusting the server-provided file
    640                extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients need
    641                to ensure that a file extension is used that is safe, optimally matching the media type of the received payload.
     640               extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients <em class="bcp14">SHOULD</em> ensure that a file extension is used that is safe, optimally matching the media type of the received payload.
    642641            </p>
    643642         </li>
    644643         <li>
    645             <p>Recipients are advised to strip or replace character sequences that are known to cause confusion both in user interfaces and
    646                in filenames, such as control characters and leading and trailing whitespace.
     644            <p>Recipients <em class="bcp14">SHOULD</em> strip or replace character sequences that are known to cause confusion both in user interfaces and in filenames, such as control
     645               characters and leading and trailing whitespace.
    647646            </p>
    648647         </li>
    649648         <li>
    650649            <p>Other aspects recipients need to be aware of are names that have a special meaning in the file system or in shell commands,
    651                such as "." and "..", "~", "|", and also device names.
     650               such as "." and "..", "~", "|", and also device names. Recipients <em class="bcp14">SHOULD</em> ignore or substitute names like these.
    652651            </p>
    653652         </li>
     
    10191018      <p id="rfc.section.E.10.p.2">Added appendix "Advice on Generating Content-Disposition Header Fields".</p>
    10201019      <h2 id="rfc.section.E.11"><a href="#rfc.section.E.11">E.11</a>&nbsp;<a id="changes.since.06" href="#changes.since.06">Since draft-ietf-httpbis-content-disp-06</a></h2>
    1021       <p id="rfc.section.E.11.p.1">None yet.</p>
     1020      <p id="rfc.section.E.11.p.1">Closed issues: </p>
     1021      <ul>
     1022         <li> &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278</a>&gt;: "conformance language"
     1023         </li>
     1024      </ul>
    10221025      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
    10231026      <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a>

  • draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.xml

    r1145 r1152  
    262262      extensions instead. Trusting the server-provided file extension could
    263263      introduce a privilege escalation when the saved file is later opened
    264       (consider ".exe"). Thus, recipients need to ensure that a file extension
     264      (consider ".exe"). Thus, recipients &SHOULD; ensure that a file extension
    265265      is used that is safe, optimally matching the media type of the received
    266266      payload.
    267267    </t></x:lt>
    268268    <x:lt><t>
    269       Recipients are advised to strip or replace character sequences that are
     269      Recipients &SHOULD; strip or replace character sequences that are
    270270      known to cause confusion both in user interfaces and in filenames, such as
    271271      control characters and leading and trailing whitespace.
     
    274274      Other aspects recipients need to be aware of are names that have a
    275275      special meaning in the file system or in shell commands, such as "." and "..",
    276       "~", "|", and also device names.
     276      "~", "|", and also device names. Recipients &SHOULD; ignore or substitute
     277      names like these.
    277278    </t></x:lt>
    278279  </list>
     
    10401041<section title="Since draft-ietf-httpbis-content-disp-06" anchor="changes.since.06">
    10411042<t>
    1042   None yet.
     1043  Closed issues:
     1044  <list style="symbols">
     1045     <t>
     1046      <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278"/>:
     1047      "conformance language"
     1048    </t>
     1049  </list>
    10431050</t>
    10441051</section>
Note: See TracChangeset for help on using the changeset viewer.