* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Changeset 269


Ignore:
Timestamp:
2008-06-20 09:48:20 (7 years ago)
Author:
julian.reschke@gmx.de
Message:

Resolve #121: RFC 2183 replaced RFC 1806, only cite the newer one (closes #121).

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p3-payload.html

    r268 r269  
    474474         <tr> 
    475475            <td class="header left"></td> 
    476             <td class="header right">June 19, 2008</td> 
     476            <td class="header right">June 20, 2008</td> 
    477477         </tr> 
    478478      </table> 
     
    13501350      </p> 
    13511351      <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a id="content-disposition.issues" href="#content-disposition.issues">Content-Disposition Issues</a></h2> 
    1352       <p id="rfc.section.8.2.p.1"> <a href="#RFC1806" id="rfc.xref.RFC1806.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the 
    1353          HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> (which updates <a href="#RFC1806" id="rfc.xref.RFC1806.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>) for details. 
     1352      <p id="rfc.section.8.2.p.1"> <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the 
     1353         HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="http://tools.ietf.org/html/rfc2183#section-5">Section 5</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> for details. 
    13541354      </p> 
    13551355      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1> 
     
    14371437      <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References 
    14381438      </h2> 
    1439       <table summary="Informative References">                             
    1440          <tr> 
    1441             <td class="reference"><b id="RFC1806">[RFC1806]</b></td> 
    1442             <td class="top"><a title="New Century Systems">Troost, R.</a> and <a title="QUALCOMM Incorporated">S. Dorner</a>, “<a href="http://tools.ietf.org/html/rfc1806">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</a>”, RFC&nbsp;1806, June&nbsp;1995. 
    1443             </td> 
    1444          </tr> 
     1439      <table summary="Informative References">                           
    14451440         <tr> 
    14461441            <td class="reference"><b id="RFC1945">[RFC1945]</b></td> 
     
    15921587      <p id="rfc.section.B.1.p.1">The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename 
    15931588         if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition 
    1594          in <a href="#RFC1806" id="rfc.xref.RFC1806.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>. 
     1589         in <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>. 
    15951590      </p> 
    15961591      <div id="rfc.figure.u.40"></div><pre class="inline"><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span>  <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition" ":" 
     
    16881683      </ul> 
    16891684      <h2 id="rfc.section.D.5"><a href="#rfc.section.D.5">D.5</a>&nbsp;<a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p3-payload-03</a></h2> 
     1685      <p id="rfc.section.D.5.p.1">Closed issues: </p> 
     1686      <ul> 
     1687         <li> &lt;<a href="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121">http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121</a>&gt;: "RFC 1806 has been replaced by RFC2183" 
     1688         </li> 
     1689      </ul> 
    16901690      <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1> 
    16911691      <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the 
     
    18561856            <li class="indline0"><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul class="ind"> 
    18571857                  <li class="indline1"><em>RFC1766</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1766.1">3.5</a>, <a class="iref" href="#RFC1766"><b>10.1</b></a></li> 
    1858                   <li class="indline1"><em>RFC1806</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1806.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC1806.2">8.2</a>, <a class="iref" href="#RFC1806"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1806.3">B.1</a></li> 
    18591858                  <li class="indline1"><em>RFC1864</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1864.1">6.8</a>, <a class="iref" href="#rfc.xref.RFC1864.2">6.8</a>, <a class="iref" href="#RFC1864"><b>10.1</b></a></li> 
    18601859                  <li class="indline1"><em>RFC1945</em>&nbsp;&nbsp;<a class="iref" href="#RFC1945"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1945.1">B</a></li> 
     
    18771876                  <li class="indline1"><em>RFC2076</em>&nbsp;&nbsp;<a class="iref" href="#RFC2076"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2076.1">B</a></li> 
    18781877                  <li class="indline1"><em>RFC2119</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2119.1">1.1</a>, <a class="iref" href="#RFC2119"><b>10.1</b></a></li> 
    1879                   <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a></li> 
     1878                  <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC2183.2">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2183.3">B.1</a><ul class="ind"> 
     1879                        <li class="indline1"><em>Section 5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.2">8.2</a></li> 
     1880                     </ul> 
     1881                  </li> 
    18801882                  <li class="indline1"><em>RFC2277</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2277.1">3.1</a>, <a class="iref" href="#RFC2277"><b>10.2</b></a></li> 
    18811883                  <li class="indline1"><em>RFC2388</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2388.1">3.3.2</a>, <a class="iref" href="#RFC2388"><b>10.2</b></a></li> 
  • draft-ietf-httpbis/latest/p3-payload.xml

    r268 r269  
    16241624<section title="Content-Disposition Issues" anchor="content-disposition.issues"> 
    16251625<t> 
    1626    <xref target="RFC1806"/>, from which the often implemented Content-Disposition 
     1626   <xref target="RFC2183"/>, from which the often implemented Content-Disposition 
    16271627   (see <xref target="content-disposition"/>) header in HTTP is derived, has a number of very 
    16281628   serious security considerations. Content-Disposition is not part of 
    16291629   the HTTP standard, but since it is widely implemented, we are 
    1630    documenting its use and risks for implementors. See <xref target="RFC2183"/> 
    1631    (which updates <xref target="RFC1806"/>) for details. 
     1630   documenting its use and risks for implementors. See <xref target="RFC2183" x:fmt="of" x:sec="5"/> 
     1631   for details. 
    16321632</t> 
    16331633</section> 
     
    20302030<references title="Informative References"> 
    20312031 
    2032 <reference anchor="RFC1806"> 
    2033   <front> 
    2034     <title abbrev="Content-Disposition">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</title> 
    2035     <author initials="R." surname="Troost" fullname="Rens Troost"> 
    2036       <organization>New Century Systems</organization> 
    2037       <address><email>rens@century.com</email></address> 
    2038     </author> 
    2039     <author initials="S." surname="Dorner" fullname="Steve Dorner"> 
    2040       <organization>QUALCOMM Incorporated</organization> 
    2041       <address><email>sdorner@qualcomm.com</email></address> 
    2042     </author> 
    2043     <date month="June" year="1995"/> 
    2044   </front> 
    2045   <seriesInfo name="RFC" value="1806"/> 
    2046 </reference> 
    2047  
    20482032<reference anchor="RFC1945"> 
    20492033  <front> 
     
    24502434   means for the origin server to suggest a default filename if the user 
    24512435   requests that the content is saved to a file. This usage is derived 
    2452    from the definition of Content-Disposition in <xref target="RFC1806"/>. 
     2436   from the definition of Content-Disposition in <xref target="RFC2183"/>. 
    24532437</t> 
    24542438<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="content-disposition"/><iref primary="true" item="Grammar" subitem="disposition-type"/><iref primary="true" item="Grammar" subitem="disposition-parm"/><iref primary="true" item="Grammar" subitem="filename-parm"/><iref primary="true" item="Grammar" subitem="disp-extension-token"/><iref primary="true" item="Grammar" subitem="disp-extension-parm"/> 
     
    26382622<section title="Since draft-ietf-httpbis-p3-payload-03" anchor="changes.since.03"> 
    26392623<t> 
    2640 </t> 
    2641 </section> 
     2624  Closed issues: 
     2625  <list style="symbols">  
     2626    <t> 
     2627      <eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121"/>: 
     2628      "RFC 1806 has been replaced by RFC2183" 
     2629    </t> 
     2630  </list> 
     2631</t> 
     2632 </section> 
    26422633 
    26432634</section> 
Note: See TracChangeset for help on using the changeset viewer.