Changeset 269 for draft-ietf-httpbis/latest
Timestamp: 20/06/08 16:48:20
Location: draft-ietf-httpbis/latest
Files: 2 edited
draft-ietf-httpbis/latest/p3-payload.html
r268 r269 474 474 <tr> 475 475 <td class="header left"></td> 476 <td class="header right">June 19, 2008</td>476 <td class="header right">June 20, 2008</td> 477 477 </tr> 478 478 </table> … … 1350 1350 </p> 1351 1351 <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a> <a id="content-disposition.issues" href="#content-disposition.issues">Content-Disposition Issues</a></h2> 1352 <p id="rfc.section.8.2.p.1"> <a href="#RFC 1806" id="rfc.xref.RFC1806.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the1353 HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href=" #RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> (which updates <a href="#RFC1806" id="rfc.xref.RFC1806.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>)for details.1352 <p id="rfc.section.8.2.p.1"> <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the 1353 HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. 
See <a href="http://tools.ietf.org/html/rfc2183#section-5">Section 5</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> for details. 1354 1354 </p> 1355 1355 <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a> <a id="ack" href="#ack">Acknowledgments</a></h1> … … 1437 1437 <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References 1438 1438 </h2> 1439 <table summary="Informative References"> 1440 <tr> 1441 <td class="reference"><b id="RFC1806">[RFC1806]</b></td> 1442 <td class="top"><a title="New Century Systems">Troost, R.</a> and <a title="QUALCOMM Incorporated">S. Dorner</a>, “<a href="http://tools.ietf.org/html/rfc1806">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</a>”, RFC 1806, June 1995. 1443 </td> 1444 </tr> 1439 <table summary="Informative References"> 1445 1440 <tr> 1446 1441 <td class="reference"><b id="RFC1945">[RFC1945]</b></td> … … 1592 1587 <p id="rfc.section.B.1.p.1">The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename 1593 1588 if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition 1594 in <a href="#RFC 1806" id="rfc.xref.RFC1806.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>.1589 in <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>. 
1595 1590 </p> 1596 1591 <div id="rfc.figure.u.40"></div><pre class="inline"><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span> <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition" ":" … … 1688 1683 </ul> 1689 1684 <h2 id="rfc.section.D.5"><a href="#rfc.section.D.5">D.5</a> <a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p3-payload-03</a></h2> 1685 <p id="rfc.section.D.5.p.1">Closed issues: </p> 1686 <ul> 1687 <li> <<a href="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121">http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121</a>>: "RFC 1806 has been replaced by RFC2183" 1688 </li> 1689 </ul> 1690 1690 <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1> 1691 1691 <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the … … 1856 1856 <li class="indline0"><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul class="ind"> 1857 1857 <li class="indline1"><em>RFC1766</em> <a class="iref" href="#rfc.xref.RFC1766.1">3.5</a>, <a class="iref" href="#RFC1766"><b>10.1</b></a></li> 1858 <li class="indline1"><em>RFC1806</em> <a class="iref" href="#rfc.xref.RFC1806.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC1806.2">8.2</a>, <a class="iref" href="#RFC1806"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1806.3">B.1</a></li>1859 1858 <li class="indline1"><em>RFC1864</em> <a class="iref" href="#rfc.xref.RFC1864.1">6.8</a>, <a class="iref" href="#rfc.xref.RFC1864.2">6.8</a>, <a class="iref" href="#RFC1864"><b>10.1</b></a></li> 1860 1859 <li class="indline1"><em>RFC1945</em> <a class="iref" href="#RFC1945"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1945.1">B</a></li> … … 1877 1876 <li class="indline1"><em>RFC2076</em> <a class="iref" 
href="#RFC2076"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2076.1">B</a></li> 1878 1877 <li class="indline1"><em>RFC2119</em> <a class="iref" href="#rfc.xref.RFC2119.1">1.1</a>, <a class="iref" href="#RFC2119"><b>10.1</b></a></li> 1879 <li class="indline1"><em>RFC2183</em> <a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a></li> 1878 <li class="indline1"><em>RFC2183</em> <a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC2183.2">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2183.3">B.1</a><ul class="ind"> 1879 <li class="indline1"><em>Section 5</em> <a class="iref" href="#rfc.xref.RFC2183.2">8.2</a></li> 1880 </ul> 1881 </li> 1880 1882 <li class="indline1"><em>RFC2277</em> <a class="iref" href="#rfc.xref.RFC2277.1">3.1</a>, <a class="iref" href="#RFC2277"><b>10.2</b></a></li> 1881 1883 <li class="indline1"><em>RFC2388</em> <a class="iref" href="#rfc.xref.RFC2388.1">3.3.2</a>, <a class="iref" href="#RFC2388"><b>10.2</b></a></li> -
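Review bot: no discrepancy between this generated HTML and the XML source change in the same changeset: the section 8.2 citation, the B.1 xref and the index entries all move from RFC1806 to RFC2183, the RFC1806 row leaves the Informative References table, and the new "Section 5" link to http://tools.ietf.org/html/rfc2183#section-5 is the rendering of the x:sec="5" attribute on the xref. Worth recording that the regeneration also repairs two broken anchors in the previous revision, href="#RFC 1806" (embedded space, so it could not match the id="RFC1806" target) and href=" #RFC2183" (leading space), which means the pre-change page had dangling citation links in its security considerations section; the new index entry for RFC2183 correctly lists 8.2 twice, 10.2 and B.1, with a "Section 5" sub-entry.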
draft-ietf-httpbis/latest/p3-payload.xml
r268 r269 1624 1624 <section title="Content-Disposition Issues" anchor="content-disposition.issues"> 1625 1625 <t> 1626 <xref target="RFC 1806"/>, from which the often implemented Content-Disposition1626 <xref target="RFC2183"/>, from which the often implemented Content-Disposition 1627 1627 (see <xref target="content-disposition"/>) header in HTTP is derived, has a number of very 1628 1628 serious security considerations. Content-Disposition is not part of 1629 1629 the HTTP standard, but since it is widely implemented, we are 1630 documenting its use and risks for implementors. See <xref target="RFC2183" />1631 (which updates <xref target="RFC1806"/>)for details.1630 documenting its use and risks for implementors. See <xref target="RFC2183" x:fmt="of" x:sec="5"/> 1631 for details. 1632 1632 </t> 1633 1633 </section> … … 2030 2030 <references title="Informative References"> 2031 2031 2032 <reference anchor="RFC1806">2033 <front>2034 <title abbrev="Content-Disposition">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</title>2035 <author initials="R." surname="Troost" fullname="Rens Troost">2036 <organization>New Century Systems</organization>2037 <address><email>rens@century.com</email></address>2038 </author>2039 <author initials="S." surname="Dorner" fullname="Steve Dorner">2040 <organization>QUALCOMM Incorporated</organization>2041 <address><email>sdorner@qualcomm.com</email></address>2042 </author>2043 <date month="June" year="1995"/>2044 </front>2045 <seriesInfo name="RFC" value="1806"/>2046 </reference>2047 2048 2032 <reference anchor="RFC1945"> 2049 2033 <front> … … 2450 2434 means for the origin server to suggest a default filename if the user 2451 2435 requests that the content is saved to a file. This usage is derived 2452 from the definition of Content-Disposition in <xref target="RFC 1806"/>.2436 from the definition of Content-Disposition in <xref target="RFC2183"/>. 
2453 2437 </t> 2454 2438 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="content-disposition"/><iref primary="true" item="Grammar" subitem="disposition-type"/><iref primary="true" item="Grammar" subitem="disposition-parm"/><iref primary="true" item="Grammar" subitem="filename-parm"/><iref primary="true" item="Grammar" subitem="disp-extension-token"/><iref primary="true" item="Grammar" subitem="disp-extension-parm"/> … … 2638 2622 <section title="Since draft-ietf-httpbis-p3-payload-03" anchor="changes.since.03"> 2639 2623 <t> 2640 </t> 2641 </section> 2624 Closed issues: 2625 <list style="symbols"> 2626 <t> 2627 <eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121"/>: 2628 "RFC 1806 has been replaced by RFC2183" 2629 </t> 2630 </list> 2631 </t> 2632 </section> 2642 2633 2643 2634 </section>
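Review bot: the reworded B.1 sentence now says the HTTP usage "is derived from the definition of Content-Disposition in RFC2183", while the replaced text and the new D.5 entry ("RFC 1806 has been replaced by RFC2183") record that the definition originated in RFC 1806; because the RFC1806 <reference> element is removed from the Informative References in this same hunk the document stays internally consistent, but a short parenthetical in 8.2 or B.1 noting that RFC2183 replaces RFC 1806 would preserve that provenance for readers of older implementations without reintroducing the reference entry. The new pointer <xref target="RFC2183" x:fmt="of" x:sec="5"/> narrows the earlier bare "for details" to a specific section, which is the more useful pointer for implementors weighing the "very serious security considerations" the paragraph mentions. Minor: the changelog text "RFC 1806 has been replaced by RFC2183" mixes spaced and unspaced RFC numbers; it quotes the ticket title, so leaving it as-is is defensible, but the surrounding prose uses the unspaced form.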