Changeset 1152 for draft-ietf-httpbis-content-disp/latest
- Timestamp: 06/03/11 11:01:07 (12 years ago)
- Location: draft-ietf-httpbis-content-disp/latest
- Files: 2 edited
draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html
r1145 r1152 371 371 } 372 372 @bottom-center { 373 content: "Expires September 2, 2011";373 content: "Expires September 7, 2011"; 374 374 } 375 375 @bottom-right { … … 412 412 <meta name="dct.creator" content="Reschke, J. F."> 413 413 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-content-disp-latest"> 414 <meta name="dct.issued" scheme="ISO8601" content="2011-03-0 1">414 <meta name="dct.issued" scheme="ISO8601" content="2011-03-06"> 415 415 <meta name="dct.abstract" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects."> 416 416 <meta name="description" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects."> … … 430 430 <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved) 431 431 </td> 432 <td class="right">March 1, 2011</td>432 <td class="right">March 6, 2011</td> 433 433 </tr> 434 434 <tr> … … 437 437 </tr> 438 438 <tr> 439 <td class="left">Expires: September 2, 2011</td>439 <td class="left">Expires: September 7, 2011</td> 440 440 <td class="right"></td> 441 441 </tr> … … 466 466 in progress”. 467 467 </p> 468 <p>This Internet-Draft will expire on September 2, 2011.</p>468 <p>This Internet-Draft will expire on September 7, 2011.</p> 469 469 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 470 470 <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 638 638 <li> 639 639 <p>Many platforms do not use Internet Media Types (<a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>) to hold type information in the file system, but rely on filename extensions instead. Trusting the server-provided file 640 extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients need 641 to ensure that a file extension is used that is safe, optimally matching the media type of the received payload. 640 extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients <em class="bcp14">SHOULD</em> ensure that a file extension is used that is safe, optimally matching the media type of the received payload. 642 641 </p> 643 642 </li> 644 643 <li> 645 <p>Recipients are advised to strip or replace character sequences that are known to cause confusion both in user interfaces and646 in filenames, such as controlcharacters and leading and trailing whitespace.644 <p>Recipients <em class="bcp14">SHOULD</em> strip or replace character sequences that are known to cause confusion both in user interfaces and in filenames, such as control 645 characters and leading and trailing whitespace. 647 646 </p> 648 647 </li> 649 648 <li> 650 649 <p>Other aspects recipients need to be aware of are names that have a special meaning in the file system or in shell commands, 651 such as "." and "..", "~", "|", and also device names. 650 such as "." and "..", "~", "|", and also device names. Recipients <em class="bcp14">SHOULD</em> ignore or substitute names like these. 
652 651 </p> 653 652 </li> … … 1019 1018 <p id="rfc.section.E.10.p.2">Added appendix "Advice on Generating Content-Disposition Header Fields".</p> 1020 1019 <h2 id="rfc.section.E.11"><a href="#rfc.section.E.11">E.11</a> <a id="changes.since.06" href="#changes.since.06">Since draft-ietf-httpbis-content-disp-06</a></h2> 1021 <p id="rfc.section.E.11.p.1">None yet.</p> 1020 <p id="rfc.section.E.11.p.1">Closed issues: </p> 1021 <ul> 1022 <li> <<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278</a>>: "conformance language" 1023 </li> 1024 </ul> 1022 1025 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 1023 1026 <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a> -
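Review bot: In the first list item of the hunk at lines 638-653 (and the matching text in the .xml file), the new SHOULD is attached to "a file extension is used that is safe", but nothing in the visible text says what makes an extension safe, so an implementer cannot tell when the requirement is met. Consider hanging the normative keyword on a concrete action, such as replacing an extension that does not match the media type of the received payload, and keeping ".exe" as the illustration. The second item has the same shape: "sequences that are known to cause confusion" is open-ended, while the two examples it gives (control characters, leading and trailing whitespace) are specific enough to carry the SHOULD on their own.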
draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.xml
r1145 r1152 262 262 extensions instead. Trusting the server-provided file extension could 263 263 introduce a privilege escalation when the saved file is later opened 264 (consider ".exe"). Thus, recipients need toensure that a file extension264 (consider ".exe"). Thus, recipients &SHOULD; ensure that a file extension 265 265 is used that is safe, optimally matching the media type of the received 266 266 payload. 267 267 </t></x:lt> 268 268 <x:lt><t> 269 Recipients are advised tostrip or replace character sequences that are269 Recipients &SHOULD; strip or replace character sequences that are 270 270 known to cause confusion both in user interfaces and in filenames, such as 271 271 control characters and leading and trailing whitespace. … … 274 274 Other aspects recipients need to be aware of are names that have a 275 275 special meaning in the file system or in shell commands, such as "." and "..", 276 "~", "|", and also device names. 276 "~", "|", and also device names. Recipients &SHOULD; ignore or substitute 277 names like these. 277 278 </t></x:lt> 278 279 </list> … … 1040 1041 <section title="Since draft-ietf-httpbis-content-disp-06" anchor="changes.since.06"> 1041 1042 <t> 1042 None yet. 1043 Closed issues: 1044 <list style="symbols"> 1045 <t> 1046 <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278"/>: 1047 "conformance language" 1048 </t> 1049 </list> 1043 1050 </t> 1044 1051 </section>
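Review bot: In the hunk at lines 274-278, the added sentence "Recipients &SHOULD; ignore or substitute names like these" leaves two things open. The list it refers to mixes complete names (".", "..", device names) with single characters ("~", "|") that can occur inside an otherwise ordinary filename, so it is unclear whether the requirement covers names equal to these values or names containing them. "ignore" also does not say what the recipient falls back to: dropping the filename parameter only, or disregarding the header field. Suggest spelling out both, since this sentence is now normative rather than advisory.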