Context Navigation

← Previous Change
Next Change →

Changeset 1293 for draft-ietf-httpbis-content-disp

Timestamp:

May 27, 2011, 1:06:18 AM (9 years ago)

Author:

julian.reschke@…

Message:

apply RFC-Editor AUTH48 changes

Location:

draft-ietf-httpbis-content-disp/latest

Files:

: 2 edited

draft-ietf-httpbis-content-disp.html (modified) (23 diffs)
draft-ietf-httpbis-content-disp.xml (modified) (24 diffs)

Legend:

: Unmodified
: Added
: Removed

draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html

-                      r1276
+                      r1293
+  }
   @bottom-center {
        content: "Expires November 2, 2011";
+       content: "Expires November 28, 2011";
+  }
   @bottom-right {
 …
       <link rel="Chapter" href="#rfc.section.10" title="10 References">
       <link rel="Appendix" title="A Changes from the RFC 2616 Definition" href="#rfc.section.A">
       <link rel="Appendix" title="B Differences compared to RFC 2183" href="#rfc.section.B">
+      <link rel="Appendix" title="B Differences Compared to RFC 2183" href="#rfc.section.B">
       <link rel="Appendix" title="C Alternative Approaches to Internationalization" href="#rfc.section.C">
       <link rel="Appendix" title="D Advice on Generating Content-Disposition Header Fields" href="#rfc.section.D">
 …
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-content-disp-latest">
       <meta name="dct.issued" scheme="ISO8601" content="2011-05-01">
+      <meta name="dct.issued" scheme="ISO8601" content="2011-05-27">
       <meta name="dct.abstract" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
       <meta name="description" content="RFC 2616 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects.">
 …
                <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved)
                </td>
                <td class="right">May 1, 2011</td>
+               <td class="right">May 27, 2011</td>
             </tr>
             <tr>
 …
             </tr>
             <tr>
                <td class="left">Expires: November 2, 2011</td>
+               <td class="left">Expires: November 28, 2011</td>
                <td class="right"></td>
             </tr>
 …
          in progress”.
       </p>
       <p>This Internet-Draft will expire on November 2, 2011.</p>
+      <p>This Internet-Draft will expire on November 28, 2011.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
 …
          <li>7.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a></li>
          <li>8.&nbsp;&nbsp;&nbsp;<a href="#iana.considerations">IANA Considerations</a><ul>
                <li>8.1&nbsp;&nbsp;&nbsp;<a href="#registry">Registry for Disposition Values and Parameter</a></li>
+               <li>8.1&nbsp;&nbsp;&nbsp;<a href="#registry">Registry for Disposition Values and Parameters</a></li>
                <li>8.2&nbsp;&nbsp;&nbsp;<a href="#header.field.registration">Header Field Registration</a></li>
             </ul>
 …
          <li><a href="#rfc.authors">Author's Address</a></li>
          <li>A.&nbsp;&nbsp;&nbsp;<a href="#changes.from.rfc2616">Changes from the RFC 2616 Definition</a></li>
          <li>B.&nbsp;&nbsp;&nbsp;<a href="#diffs.compared.to.rfc2183">Differences compared to RFC 2183</a></li>
+         <li>B.&nbsp;&nbsp;&nbsp;<a href="#diffs.compared.to.rfc2183">Differences Compared to RFC 2183</a></li>
          <li>C.&nbsp;&nbsp;&nbsp;<a href="#alternatives">Alternative Approaches to Internationalization</a><ul>
                <li>C.1&nbsp;&nbsp;&nbsp;<a href="#alternatives.rfc2047">RFC 2047 Encoding</a></li>
 …
       </ul>
       <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a>&nbsp;<a id="introduction" href="#introduction">Introduction</a></h1>
       <p id="rfc.section.1.p.1">RFC 2616 defines the Content-Disposition response header field in <a href="http://tools.ietf.org/html/rfc2616#section-19.5.1">Section 19.5.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, but points out that it is not part of the HTTP/1.1 Standard (<a href="http://tools.ietf.org/html/rfc2616#section-15.5" id="rfc.xref.RFC2616.2">Section 15.5</a>):
+      <p id="rfc.section.1.p.1">RFC 2616 defines the Content-Disposition response header field (<a href="http://tools.ietf.org/html/rfc2616#section-19.5.1">Section 19.5.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>) but points out that it is not part of the HTTP/1.1 Standard (<a href="http://tools.ietf.org/html/rfc2616#section-15.5" id="rfc.xref.RFC2616.2">Section 15.5</a>):
       </p>
       <blockquote id="rfc.section.1.p.2" cite="http://tools.ietf.org/html/rfc2616#section-15.5">
 …
       </blockquote>
       <p id="rfc.section.1.p.3">This specification takes over the definition and registration of Content-Disposition, as used in HTTP. Based on interoperability
          testing with existing User Agents, it fully defines a profile of the features defined in the Multipurpose Internet Mail Extensions
          (MIME) variant (<a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>) of the header field, and also clarifies internationalization aspects.
+         testing with existing user agents (UAs), it fully defines a profile of the features defined in the Multipurpose Internet Mail
+         Extensions (MIME) variant (<a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>) of the header field, and also clarifies internationalization aspects.
       </p>
       <div class="note" id="rfc.section.1.p.4">
          <p> <b>Note:</b> this document does not apply to Content-Disposition header fields appearing in payload bodies transmitted over HTTP, such
+         <p> <b>Note:</b> This document does not apply to Content-Disposition header fields appearing in payload bodies transmitted over HTTP, such
             as when using the media type "multipart/form-data" (<a href="#RFC2388" id="rfc.xref.RFC2388.1"><cite title="Returning Values from Forms: multipart/form-data">[RFC2388]</cite></a>).
          </p>
 …
       <p id="rfc.section.3.p.3">Senders <em class="bcp14">MUST NOT</em> generate Content-Disposition header fields that are invalid.
       </p>
       <p id="rfc.section.3.p.4">Recipients <em class="bcp14">MAY</em> take steps to recover a usable field-value from an invalid header field, but <em class="bcp14">SHOULD NOT</em> reject the message outright, unless this is explicitly desirable behaviour (e.g., the implementation is a validator). As such,
+      <p id="rfc.section.3.p.4">Recipients <em class="bcp14">MAY</em> take steps to recover a usable field-value from an invalid header field, but <em class="bcp14">SHOULD NOT</em> reject the message outright, unless this is explicitly desirable behavior (e.g., the implementation is a validator). As such,
          the default handling of invalid fields is to ignore them.
       </p>
 …
       <p id="rfc.section.4.1.p.5">Note that due to the rules for implied linear whitespace (<a href="http://tools.ietf.org/html/rfc2616#section-2.1">Section 2.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.8"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), <em class="bcp14">OPTIONAL</em> whitespace can appear between words (token or quoted-string) and separator characters.
       </p>
       <p id="rfc.section.4.1.p.6">Furthermore note that the format used for ext-value allows specifying a natural language (e.g., "en"); this is of limited
+      <p id="rfc.section.4.1.p.6">Furthermore, note that the format used for ext-value allows specifying a natural language (e.g., "en"); this is of limited
          use for filenames and is likely to be ignored by recipients.
       </p>
 …
          more expressive "filename*" parameter, and the "filename" parameter as fallback for legacy recipients (see <a href="#examples" title="Examples">Section&nbsp;5</a> for an example).
       </p>
       <p id="rfc.section.4.3.p.5">It is essential that recipients treat the specified filename as advisory only, thus be very careful in extracting the desired
          information. In particular:
+      <p id="rfc.section.4.3.p.5">It is essential that recipients treat the specified filename as advisory only, and thus be very careful in extracting the
+         desired information. In particular:
       </p>
       <ul>
          <li>
             <p>Recipients <em class="bcp14">MUST NOT</em> be able to write into any location other than one to which they are specifically entitled. To illustrate the problem consider
+            <p>Recipients <em class="bcp14">MUST NOT</em> be able to write into any location other than one to which they are specifically entitled. To illustrate the problem, consider
                the consequences of being able to overwrite well-known system locations (such as "/etc/passwd"). One strategy to achieve this
                is to never trust folder name information in the filename parameter, for instance by stripping all but the last path segment
                and only consider the actual filename (where 'path segment' are the components of the field value delimited by the path separator
                characters "\" and "/").
+               and only considering the actual filename (where 'path segment' are the components of the field value delimited by the path
+               separator characters "\" and "/").
             </p>
          </li>
          <li>
             <p>Many platforms do not use Internet Media Types (<a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>) to hold type information in the file system, but rely on filename extensions instead. Trusting the server-provided file
                extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients which
+               extension could introduce a privilege escalation when the saved file is later opened (consider ".exe"). Thus, recipients that
                make use of file extensions to determine the media type <em class="bcp14">MUST</em> ensure that a file extension is used that is safe, optimally matching the media type of the received payload.
             </p>
 …
       <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="examples" href="#examples">Examples</a></h1>
       <div id="rfc.figure.u.4"></div>
       <p>Direct UA to show "save as" dialog, with a filename of "example.html":</p>  <pre class="text">Content-Disposition: Attachment; filename=example.html
+      <p>Direct the UA to show "save as" dialog, with a filename of "example.html":</p>  <pre class="text">Content-Disposition: Attachment; filename=example.html
 </pre><div id="rfc.figure.u.5"></div>
       <p>Direct UA to behave as if the Content-Disposition header field wasn't present, but to remember the filename "an example.html"
+      <p>Direct the UA to behave as if the Content-Disposition header field wasn't present, but to remember the filename "an example.html"
          for a subsequent save operation:
       </p>  <pre class="text">Content-Disposition: INLINE; FILENAME= "an example.html"
 </pre>  <p>Note: this uses the quoted-string form so that the space character can be included.</p>
       <div id="rfc.figure.u.6"></div>
       <p>Direct UA to show "save as" dialog, with a filename containing the Unicode character U+20AC (EURO SIGN):</p>  <pre class="text">Content-Disposition: attachment;
+      <p>Direct the UA to show "save as" dialog, with a filename containing the Unicode character U+20AC (EURO SIGN):</p>  <pre class="text">Content-Disposition: attachment;
                      filename*= UTF-8''<b>%e2%82%ac</b>%20rates
 </pre>  <p>Here, the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.4"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a> is also used to encode the non-ISO-8859-1 character.
       </p>
       <div id="rfc.figure.u.7"></div>
+      <p>Same as above, but adding the "filename" parameter for compatibility with user agents not implementing RFC 5987:</p>  <pre class="text">Content-Disposition: attachment;
+      <p>This example is the same as above, but adding the "filename" parameter for compatibility with user agents not implementing
+         RFC 5987:
+      </p>  <pre class="text">Content-Disposition: attachment;
                      filename="EURO rates";
                      filename*=utf-8''<b>%e2%82%ac</b>%20rates
 …
       <p id="rfc.section.7.p.1">Using server-supplied information for constructing local filenames introduces many risks. These are summarized in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section&nbsp;4.3</a>.
       </p>
       <p id="rfc.section.7.p.2">Furthermore, implementers also ought to be aware of the Security Considerations applying to HTTP (see <a href="http://tools.ietf.org/html/rfc2616#section-15">Section 15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.9"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), and also the parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.6"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a> (see <a href="http://tools.ietf.org/html/rfc5987#section-5" id="rfc.xref.RFC5987.7">Section 5</a>).
+      <p id="rfc.section.7.p.2">Furthermore, implementers ought to be aware of the security considerations applying to HTTP (see <a href="http://tools.ietf.org/html/rfc2616#section-15">Section 15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.9"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), and also the parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.6"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a> (see <a href="http://tools.ietf.org/html/rfc5987#section-5" id="rfc.xref.RFC5987.7">Section 5</a>).
       </p>
       <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1>
       <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a>&nbsp;<a id="registry" href="#registry">Registry for Disposition Values and Parameter</a></h2>
+      <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a>&nbsp;<a id="registry" href="#registry">Registry for Disposition Values and Parameters</a></h2>
       <p id="rfc.section.8.1.p.1">This specification does not introduce any changes to the registration procedures for disposition values and parameters that
          are defined in <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.5"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>.
 …
          <tr>
             <td class="reference"><b id="RFC2183">[RFC2183]</b></td>
             <td class="top"><a href="mailto:rens@century.com" title="New Century Systems">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com" title="QUALCOMM Incorporated">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu" title="Department of Computer Science">K. Moore</a>, “<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>”, RFC&nbsp;2183, August&nbsp;1997.
+            <td class="top"><a href="mailto:rens@century.com" title="New Century Systems">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com" title="QUALCOMM Incorporated">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu" title="Department of Computer Science">K. Moore, Ed.</a>, “<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>”, RFC&nbsp;2183, August&nbsp;1997.
             </td>
          </tr>
 …
          </li>
       </ul>
       <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="diffs.compared.to.rfc2183" href="#diffs.compared.to.rfc2183">Differences compared to RFC 2183</a></h1>
+      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="diffs.compared.to.rfc2183" href="#diffs.compared.to.rfc2183">Differences Compared to RFC 2183</a></h1>
       <p id="rfc.section.B.p.1"> <a href="http://tools.ietf.org/html/rfc2183#section-2">Section 2</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.7"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> defines several additional disposition parameters: "creation-date", "modification-date", "quoted-date-time", and "size". The
          majority of user agents does not implement these, thus they have been omitted from this specification.
+         majority of user agents do not implement these; thus, they have been omitted from this specification.
       </p>
       <h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="alternatives" href="#alternatives">Alternative Approaches to Internationalization</a></h1>
 …
          Track specifies exactly one solution (<a href="#RFC2231" id="rfc.xref.RFC2231.1"><cite title="MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations">[RFC2231]</cite></a>, clarified and profiled for HTTP in <a href="#RFC5987" id="rfc.xref.RFC5987.9"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>).
       </p>
       <p id="rfc.section.C.p.3">For completeness, the sections below describe the various approaches that have been tried, and explains how they are inferior
          to the RFC 5987 encoding used in this specification.
+      <p id="rfc.section.C.p.3">For completeness, the sections below describe the various approaches that have been tried, and explain how they are inferior
+         to the RFC&nbsp;5987 encoding used in this specification.
       </p>
       <h2 id="rfc.section.C.1"><a href="#rfc.section.C.1">C.1</a>&nbsp;<a id="alternatives.rfc2047" href="#alternatives.rfc2047">RFC 2047 Encoding</a></h2>
       <p id="rfc.section.C.1.p.1">RFC 2047 defines an encoding mechanism for header fields, but this encoding is not supposed to be used for header field parameters
          - see <a href="http://tools.ietf.org/html/rfc2047#section-5">Section 5</a> of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a>:
+         — see <a href="http://tools.ietf.org/html/rfc2047#section-5">Section 5</a> of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a>:
       </p>
       <blockquote id="rfc.section.C.1.p.2" cite="http://tools.ietf.org/html/rfc2047#section-5">
 …
       </p>
       <h2 id="rfc.section.C.2"><a href="#rfc.section.C.2">C.2</a>&nbsp;<a id="alternatives.percent" href="#alternatives.percent">Percent Encoding</a></h2>
       <p id="rfc.section.C.2.p.1">Some user agents accept percent encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>) sequences of characters. The character encoding being used for decoding depends on various factors, including the encoding
+      <p id="rfc.section.C.2.p.1">Some user agents accept percent-encoded (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>) sequences of characters. The character encoding being used for decoding depends on various factors, including the encoding
          of the referring page, the user agent's locale, its configuration, and also the actual value of the parameter.
       </p>
       <p id="rfc.section.C.2.p.2">In practice, this is hard to use because those user agents that do not support it will display the escaped character sequence
          to the user. For those user agents that do implement this it is difficult to predict what character encoding they actually
+         to the user. For those user agents that do implement this, it is difficult to predict what character encoding they actually
          expect.
       </p>
 …
          to be more likely to be the correct interpretation.
       </p>
       <p id="rfc.section.C.3.p.2">As with the approaches above, this is not interoperable and furthermore risks misinterpreting the actual value.</p>
+      <p id="rfc.section.C.3.p.2">As with the approaches above, this is not interoperable and, furthermore, risks misinterpreting the actual value.</p>
       <h2 id="rfc.section.C.4"><a href="#rfc.section.C.4">C.4</a>&nbsp;<a id="alternatives.implementations" href="#alternatives.implementations">Implementations (to be removed by RFC Editor before publication)</a></h2>
       <p id="rfc.section.C.4.p.1">Unfortunately, as of March 2011, neither the encoding defined in RFCs 2231 and 5987, nor any of the alternate approaches discussed
 …
          </li>
          <li>Avoid including the "\" character in the quoted-string form of the filename parameter, as escaping is not implemented by some
             user agents, and can be considered as an illegal path character.
+            user agents, and "\" can be considered an illegal path character.
          </li>
          <li>Avoid using non-ASCII characters in the filename parameter. Although most existing implementations will decode them as ISO-8859-1,
 …
          </li>
       </ul>
       <p id="rfc.section.D.p.3">Note that this advice is based upon UA behaviour at the time of writing, and might be superseded. At the time of publication
+      <p id="rfc.section.D.p.3">Note that this advice is based upon UA behavior at the time of writing, and might be superseded. At the time of publication
          of this document, &lt;<a href="http://purl.org/NET/http/content-disposition-tests">http://purl.org/NET/http/content-disposition-tests</a>&gt; provides an overview of current levels of support in various implementations.
       </p>
 …
       </p>
       <h2 id="rfc.section.E.14"><a href="#rfc.section.E.14">E.14</a>&nbsp;<a id="changes.since.09" href="#changes.since.09">Since draft-ietf-httpbis-content-disp-09</a></h2>
       <p id="rfc.section.E.14.p.1">None yet.</p>
+      <p id="rfc.section.E.14.p.1">Editorial changes made during RFC-Editor AUTH48 phase.</p>
       <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
       <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.U">U</a>

draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.xml

-                      r1276
+                      r1293
   <!ENTITY SHOULD "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD</bcp14>">
   <!ENTITY SHOULD-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD NOT</bcp14>">
+  <!ENTITY mdash "&#8212;">
 ]>
 …
 <section title="Introduction" anchor="introduction">
 <t>
+  RFC 2616 defines the Content-Disposition response header field in <xref target="RFC2616" x:fmt="of" x:sec="19.5.1"/>,
+  RFC 2616 defines the Content-Disposition response header field
+  (<xref target="RFC2616" x:fmt="of" x:sec="19.5.1"/>)
   but points out that it is not part of the HTTP/1.1 Standard (<xref target="RFC2616" x:fmt="sec" x:sec="15.5"/>):
 </t>
 …
   This specification takes over the definition and registration of
   Content-Disposition, as used in HTTP.
   Based on interoperability testing with existing User Agents,
+  Based on interoperability testing with existing user agents (UAs),
   it fully defines a profile of the
   features defined in the Multipurpose Internet Mail Extensions (MIME) variant (<xref target="RFC2183"/>) of the
 …
 <x:note>
   <t>
     <x:h>Note:</x:h> this document does not apply to Content-Disposition
+    <x:h>Note:</x:h> This document does not apply to Content-Disposition
     header fields appearing in payload bodies transmitted over HTTP, such as
     when using the media type "multipart/form-data" (<xref target="RFC2388"/>).
 …
   Recipients &MAY; take steps to recover a usable field-value
   from an invalid header field, but &SHOULD-NOT; reject the message outright,
   unless this is explicitly desirable behaviour (e.g., the implementation is a
+  unless this is explicitly desirable behavior (e.g., the implementation is a
   validator). As such, the default handling of invalid fields is to ignore them.
 </t>
 …
 </t>
 <t>
   Furthermore note that the format used for ext-value allows specifying a
+  Furthermore, note that the format used for ext-value allows specifying a
   natural language (e.g., "en"); this is of limited use for filenames and is
   likely to be ignored by recipients.
 …
 <t>
   It is essential that recipients treat the specified filename as advisory
   only, thus be very careful in extracting the desired information.
+  only, and thus be very careful in extracting the desired information.
   In particular:
   <list style="symbols">
     <x:lt><t>
       Recipients &MUST-NOT; be able to write into any location other than one
       to which they are specifically entitled. To illustrate the problem
+      to which they are specifically entitled. To illustrate the problem,
       consider the consequences of being able to overwrite well-known system
       locations (such as "/etc/passwd"). One strategy to achieve this is to
       never trust folder name information in the filename parameter, for
       instance by stripping all but the last path segment and only consider the
       actual filename (where 'path segment' are the components of the field
+      instance by stripping all but the last path segment and only considering
+      the actual filename (where 'path segment' are the components of the field
       value delimited by the path separator characters "\" and "/").
     </t></x:lt>
 …
       extensions instead. Trusting the server-provided file extension could
       introduce a privilege escalation when the saved file is later opened
       (consider ".exe"). Thus, recipients which make use of file extensions
+      (consider ".exe"). Thus, recipients that make use of file extensions
       to determine the media type &MUST; ensure that a file extension
       is used that is safe, optimally matching the media type of the received
 …
 <figure>
 <preamble>
 Direct UA to show "save as" dialog, with a filename of "example.html":
+Direct the UA to show "save as" dialog, with a filename of "example.html":
 </preamble>
 <artwork type="example">
 …
 <figure>
 <preamble>
 Direct UA to behave as if the Content-Disposition header field wasn't present,
+Direct the UA to behave as if the Content-Disposition header field wasn't present,
 but to remember the filename "an example.html" for a subsequent save operation:
 </preamble>
 …
 <figure>
 <preamble>
 Direct UA to show "save as" dialog, with a filename containing the Unicode character  U+20AC (EURO SIGN):
+Direct the UA to show "save as" dialog, with a filename containing the Unicode character  U+20AC (EURO SIGN):
 </preamble>
 <artwork type="example" x:indent-with="  ">
 …
 <figure>
 <preamble>
+Same as above, but adding the "filename" parameter for compatibility with
 user agents not implementing RFC 5987:
+This example is the same as above, but adding the "filename" parameter for
+compatibility with user agents not implementing RFC 5987:
 </preamble>
 <artwork type="example" x:indent-with="  ">
 …
 </t>
 <t>
   Furthermore, implementers also ought to be aware of the Security
   Considerations applying to HTTP (see <xref target="RFC2616" x:fmt="of" x:sec="15"/>), and also the parameter encoding defined in <xref target="RFC5987"/>
+  Furthermore, implementers ought to be aware of the security considerations
+  applying to HTTP (see <xref target="RFC2616" x:fmt="of" x:sec="15"/>), and also the parameter encoding defined in <xref target="RFC5987"/>
   (see <xref target="RFC5987" x:fmt="sec" x:sec="5"/>).
 </t>
 …
 <section title="IANA Considerations" anchor="iana.considerations">
 <section title="Registry for Disposition Values and Parameter" anchor="registry">
+<section title="Registry for Disposition Values and Parameters" anchor="registry">
 <t>
   This specification does not introduce any changes to the registration
 …
         <address><email>sdorner@qualcomm.com</email></address>
       </author>
       <author initials="K." surname="Moore" fullname="Keith Moore">
+      <author initials="K." surname="Moore" fullname="Keith Moore" role="editor">
         <organization>Department of Computer Science</organization>
         <address><email>moore@cs.utk.edu</email></address>
 …
 </section>
 <section title="Differences compared to RFC 2183" anchor="diffs.compared.to.rfc2183">
+<section title="Differences Compared to RFC 2183" anchor="diffs.compared.to.rfc2183">
 <t>
   <xref target="RFC2183" x:fmt="of" x:sec="2"/> defines several additional
   disposition parameters: "creation-date", "modification-date",
   "quoted-date-time", and "size". The majority of user agents does not implement
   these, thus they have been omitted from this specification.
+  "quoted-date-time", and "size". The majority of user agents do not implement
+  these; thus, they have been omitted from this specification.
 </t>
 </section>
 …
 <t>
   For completeness, the sections below describe the various approaches that
   have been tried, and explains how they are inferior to the RFC 5987
+  have been tried, and explain how they are inferior to the RFC&#160;5987
   encoding used in this specification.
 </t>
 …
   RFC 2047 defines an encoding mechanism for
   header fields, but this encoding is not supposed to be used for
   header field parameters - see <xref target="RFC2047" x:fmt="of" x:sec="5"/>:
+  header field parameters &mdash; see <xref target="RFC2047" x:fmt="of" x:sec="5"/>:
 </t>
 <x:blockquote cite="http://tools.ietf.org/html/rfc2047#section-5">
 …
 <section title="Percent Encoding" anchor="alternatives.percent">
 <t>
   Some user agents accept percent encoded (<xref target="RFC3986" x:fmt="," x:sec="2.1"/>)
+  Some user agents accept percent-encoded (<xref target="RFC3986" x:fmt="," x:sec="2.1"/>)
   sequences of characters. The character encoding being used for decoding
   depends on various factors, including the encoding of the referring page,
 …
   In practice, this is hard to use because those user agents that do not
   support it will display the escaped character sequence to the user. For those
   user agents that do implement this it is difficult to predict what character
+  user agents that do implement this, it is difficult to predict what character
   encoding they actually expect.
 </t>
 …
 </t>
 <t>
   As with the approaches above, this is not interoperable and furthermore
+  As with the approaches above, this is not interoperable and, furthermore,
   risks misinterpreting the actual value.
 </t>
 …
     <t>Avoid including the "\" character in the quoted-string form of the
     filename parameter, as escaping is not implemented by some user agents,
     and can be considered as an illegal path character.</t>
+    and "\" can be considered an illegal path character.</t>
     <t>Avoid using non-ASCII characters in the filename parameter. Although
     most existing implementations will decode them as ISO-8859-1, some
 …
 </t>
 <t>
   Note that this advice is based upon UA behaviour at the time of writing, and
+  Note that this advice is based upon UA behavior at the time of writing, and
   might be superseded. At the time of publication of this document,
   <eref target="http://purl.org/NET/http/content-disposition-tests"/> provides
 …
 <section title="Since draft-ietf-httpbis-content-disp-09" anchor="changes.since.09">
 <t>
   None yet.
+  Editorial changes made during RFC-Editor AUTH48 phase.
 </t>
 </section>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1293 for draft-ietf-httpbis-content-disp

Legend:

draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html

draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.xml

Download in other formats: