On Sat, Apr 30, 2011 at 2:54 PM, Michal Zalewski <[email protected]> wrote:
> My concern is a bit more straightforward. To use a practical example:
> just because a social networking site allows nearly arbitrary JPEG
> files to be uploaded and served as profile pictures (Content-Type:
> image/jpeg) does not mean that the application wants users to be
> offered that content as a download named Security_Update.exe,
> supposedly coming from that trusted site.

So, it's not so much the security issue (the browser's job), but an appearance-of-fault issue: the site not wanting to be blamed if the browser fails at that job.

> But yes, there are probably also potential interactions with
> whitelisted domains, especially given that the whitelist-based
> capabilities are expanding rapidly.

That suggests that this should be added sooner rather than later, so the concept of filenames for files on trusted domains being set by untrusted domains is considered in the design of these capabilities, rather than being bolted on later.

--
Glenn Maynard
