I'm going to try to summarize the problem here as I see it. Over the last few years, Mozilla has moved in the direction of focusing on security at the cost of some user control. Though to my knowledge no official statement has ever been made acknowledging this, it is apparent through their actions and the tone of some of the things they *have* said. This is not the place to debate that decision, and I do not wish to, but for our purposes it suffices to note that there *is* inherent tension between those two aims. Any power the user is given to alter the behaviour of the browser's interaction with external content, risks creating a security vulnerability. Most users do not have a strong grasp of security theory, and rely heavily on Mozilla's experts to keep them safe.
There is an inherent risk in having an external application automatically process *any* kind of file. Many common programs are not designed to handle malicious input, and some that are do a poor job at it. *Glances towards Adobe Acrobat*. It is a sane default to ask the user before proceeding any time there is an elevated risk of bad behaviour. Since it appears from a quick search that a number of server operators use `content-disposition: attachment` on user-uploaded files to reduce the risk of XSS-type attacks, it appears we have such a case. Thus, a credible argument can be made that Firefox *ought* to ignore the user's choice of automatic behaviour in these instances. That other browsers do not react this way does not constrain us. We are not obligated to emulate their design decisions. It has been suggested in comment 90 that people out to do less talking and more patch submitting, but as comment 110 noted, people are reluctant to work on creating a patch when they are uncertain if it has any chance of being accepted due to design choices by the development team. I **strongly** suggest that a Mozilla staff member make an executive decision as to whether this behaviour is in fact a bug to be fixed, and state so in a comment, or else close this as `WONTFIX` and say that a decision has been made to err on the side of security and not let the end user select a default behaviour when a `content-disposition: attachment` exists -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1065126 Title: "Always do this from now on" does not work To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1065126/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
