On 01.03.2011 17:00, Barry Leiba wrote:
I agree that this needs tuning; but I'd rather not invent a new keyword for
that.
Sensible.
The appendix D
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-06.html#rfc.section.D>)
isn't meant to be normative; thus I believe leaving it the way it is ought
to be ok.
OK.
With respect to
<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-06.html#rfc.section.4.3>,
I believe we really should say "SHOULD" in all the three last items:
It all works for me. Thanks, and again, I'm sorry to pipe in late.
...
Proposed change for the three items in 4.3:
o Many platforms do not use Internet Media Types ([RFC2046]) to hold
type information in the file system, but rely on filename
extensions instead. Trusting the server-provided file extension
could introduce a privilege escalation when the saved file is
later opened (consider ".exe"). Thus, recipients SHOULD ensure
that a file extension is used that is safe, optimally matching the
media type of the received payload.
o Recipients SHOULD strip or replace character sequences that are
known to cause confusion both in user interfaces and in filenames,
such as control characters and leading and trailing whitespace.
o Other aspects recipients need to be aware of are names that have a
special meaning in the file system or in shell commands, such as
"." and "..", "~", "|", and also device names. Recipients SHOULD
ignore or substitute names like these.
(see
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/278/i278.diff>).
Best regards, Julian
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf