On 5/26/11 2:06 PM, Dennis Joachimsthaler wrote:
<a href='http://example.com/user_content/harmless_text_file.txt'
disposition='attachment; filename="Important_Security_Update.exe"'>
At least in the case of Firefox for that particular case on Windows
thefilename will be sanitized...
So what does Firefox do in this case?
I believe it forces the extension to match the MIME type; if the type
text/plain the saved filename will be "Important_Security_Update.exe.txt".
But yes, there are other situations where things could be more
problematic.
Which are these? Please enlighten me.
Well, in the Firefox case non-Windows OSes, where the theory is that the
handling of a file does not depend on the extension but the practice is
... variable.
-Boris
