Ticket #278

File i278.diff, 1.4 KB (added by julian.reschke@gmx.de, 3 years ago)

proposed patch

  • draft-ietf-httpbis-content-disp.xml

    261261      to hold type information in the file system, but rely on filename 
    262262      extensions instead. Trusting the server-provided file extension could 
    263263      introduce a privilege escalation when the saved file is later opened  
    264       (consider ".exe"). Thus, recipients need to ensure that a file extension 
     264      (consider ".exe"). Thus, recipients &SHOULD; ensure that a file extension 
    265265      is used that is safe, optimally matching the media type of the received 
    266266      payload. 
    267267    </t></x:lt> 
    268268    <x:lt><t> 
    269       Recipients are advised to strip or replace character sequences that are 
     269      Recipients &SHOULD; strip or replace character sequences that are 
    270270      known to cause confusion both in user interfaces and in filenames, such as 
    271271      control characters and leading and trailing whitespace. 
    272272    </t></x:lt> 
    273273    <x:lt><t> 
    274274      Other aspects recipients need to be aware of are names that have a  
    275275      special meaning in the file system or in shell commands, such as "." and "..", 
    276       "~", "|", and also device names. 
     276      "~", "|", and also device names. Recipients &SHOULD; ignore or substitute 
     277      names like these. 
    277278    </t></x:lt> 
    278279  </list>
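Review bot: In the last changed paragraph (new lines 276-277), "Recipients &SHOULD; ignore or substitute names like these" does not say what "ignore" applies to: only the filename parameter, with the recipient falling back to a name it chooses itself, or the whole header field. As a normative requirement, "names like these" is also open-ended, because "device names" is not enumerated and the list is introduced with "such as", so an implementer cannot tell when the SHOULD has been met. Consider wording along the lines of "Recipients &SHOULD; ignore the filename parameter, or substitute a safe name, when it matches one of these", and either listing the cases or stating that the list is illustrative. A smaller point at new line 264: the text it replaces said recipients "need to ensure" a safe extension, directly after the sentence about privilege escalation, and &SHOULD; arguably reads weaker than that; if a SHOULD is intended, a short statement of when a recipient may reasonably deviate would help.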