The receiving [user agent] SHOULD NOT respect any directory path information that may seem to be present in the filename parameter. The filename should be treated as a terminal component only.
The reason for this is that it poses a security vulnerability:
Since this memo provides a way for the sender to suggest a filename, a receiving [user agent] must take care that the sender's suggested filename does not represent a hazard. Using UNIX as an example, some hazards would be:
- Creating startup files (e.g., "
- Creating or overwriting system files (e.g., "
- Overwriting any existing file.
- Placing executable files into any command search path (e.g., "
- Sending the file to a pipe (e.g., "
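The following is an added example (not from the RFC or the page) of how a receiving user agent can apply the rule above: the suggested filename is reduced to its terminal component, characters that would turn it into a hidden startup file or a shell pipe are neutralised, and the file is always written under a fixed download directory without overwriting anything already there. The function names and the sample inputs in `demo()` are constructed for this illustration.

```python
import os
import re
import tempfile

# Characters a receiving user agent should not let into a saved filename:
# ASCII control characters (including NUL) and shell metacharacters such as
# the pipe and quotes, plus whitespace runs (collapsed to "_").
_UNSAFE = re.compile(r'[\x00-\x1f\x7f|;&<>`$"\'\s]+')


def sanitize_download_name(suggested, default="download"):
    """Reduce a sender-suggested filename to a single safe path component."""
    # Terminal component only: discard everything up to the last separator.
    # Both "/" and "\" are treated as separators so "..\\x" is not kept whole.
    name = suggested.replace("\\", "/").rsplit("/", 1)[-1]
    name = _UNSAFE.sub("_", name)
    # A leading dot would create a hidden file (e.g. a shell startup file);
    # stripping dots also collapses "." and ".." to an empty name.
    name = name.strip(".")[:255]
    return name or default


def save_download(download_dir, suggested, data):
    """Write data under download_dir, never overwriting; return the path used."""
    name = sanitize_download_name(suggested)
    base, ext = os.path.splitext(name)
    real_dir = os.path.realpath(download_dir)
    for n in range(10000):
        candidate = name if n == 0 else f"{base} ({n}){ext}"
        path = os.path.join(real_dir, candidate)
        # Containment check: the final path must stay inside the download directory.
        if os.path.dirname(os.path.realpath(path)) != real_dir:
            raise ValueError("refusing to write outside the download directory")
        try:
            # O_EXCL makes creation fail if anything (file or symlink) already exists,
            # so an existing file is never overwritten.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        except FileExistsError:
            continue
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return path
    raise RuntimeError("could not find a free filename")


def demo():
    """Save two downloads with the same (constructed) hostile suggested name."""
    download_dir = tempfile.mkdtemp()
    first = save_download(download_dir, "../../../etc/hosts", b"first")
    second = save_download(download_dir, "../../../etc/hosts", b"second")
    return os.path.basename(first), os.path.basename(second)


if __name__ == "__main__":
    print(demo())
```

Note that the sanitiser deliberately keeps no directory information at all, rather than trying to validate it, which is the simplest way to satisfy "terminal component only" and to keep the file out of any command search path the sender might name.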