> So, it's not so much the security issue (the browser's job), but an
> appearance-of-fault issue: the site not wanting to be blamed if the
> browser fails at that job.

Well, the browser does the best it can (i.e., documents the origin of a download), and the user does the best he can (examines the displayed origin). If that's not enough, then we have a problem.

(That's not unique to disposition=, by the way; on unrecognized MIME types, browsers often derive the file name from the notoriously unreliable URL path signal, which is completely controlled by the attacker in cases such as the PATH_INFO mechanism in Apache.)

/mz
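
The parenthetical above, as an added example that is not part of the original message: a simplified model of the last-path-segment file name fallback, next to a response that pins the name from the server side. The function names, the `site.example` URLs and the fallback model itself are assumptions for illustration; real browsers apply more rules than this.

```python
from urllib.parse import urlsplit, unquote
import posixpath


def fallback_filename(url):
    """Simplified model (assumption): with no Content-Disposition file name,
    the suggested name is the last segment of the URL path."""
    path = unquote(urlsplit(url).path)
    return posixpath.basename(path.rstrip("/"))


def extra_path_info(url, script_path):
    """Return the trailing path a script at script_path would receive as
    PATH_INFO, or '' when the request names the script exactly."""
    path = unquote(urlsplit(url).path)
    if path.startswith(script_path + "/"):
        return path[len(script_path):]
    return ""


def pinned_headers(server_chosen_name):
    """Response headers where the server, not the URL, states the file name."""
    safe = "".join(
        c for c in server_chosen_name
        if c.isascii() and (c.isalnum() or c in "._-")
    ).lstrip(".") or "download"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample URLs: the same script, with and without a trailing path.
    for url in ("https://site.example/export.cgi",
                "https://site.example/export.cgi/setup.exe?id=7"):
        print(url)
        print("  fallback name:", fallback_filename(url))
        print("  PATH_INFO    :", repr(extra_path_info(url, "/export.cgi")))
    print(pinned_headers("report 2024.csv"))
```

A handler that sees a non-empty `extra_path_info` on a download endpoint can refuse the request or ignore the suffix, and in either case send the pinned headers so the displayed name does not depend on the URL.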
