Is it safe to rely on Content-Disposition header to download user generated html?


I needed a feature which lets users download emails they have received as HTML files. The HTML files will contain the email body, which is basically user-generated content.

I'm using the Content-Disposition header to indicate to the browser that the HTML file is intended to be downloaded and not viewed. It is very important that the user is not able to view the file but only download it, because if the email body contains JavaScript and the file is viewed, then the JavaScript will be executed in the context of the website's domain, which is a security nightmare.

So is relying on the Content-Disposition header safe enough for this? Or is there a need for some better security mechanism?

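As an added example (not code from the question or from any framework), here is a Python response-header builder that pairs `Content-Disposition: attachment` with the defence-in-depth headers a reviewer would want when the body is attacker-controlled HTML. The function names, the fallback filenames and the sanitising rules are assumptions of this example.

```python
import re
from urllib.parse import quote

# Constructed example: build the response headers for serving user-generated
# HTML strictly as a download. Not code from the original question.

_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def safe_filename(name: str, fallback: str = "message.html") -> str:
    """Strip control characters (CR/LF in a filename would otherwise let the
    caller inject extra response headers), quotes, backslashes and path
    separators from a filename that may be derived from email content."""
    cleaned = _CONTROL_CHARS.sub("", name)
    cleaned = cleaned.replace('"', "").replace("\\", "").replace("/", "_").strip()
    return cleaned or fallback


def content_disposition(name: str) -> str:
    """RFC 6266 value: an ASCII-only `filename=` for every browser, plus an
    RFC 8187 `filename*=UTF-8''...` parameter when the name is non-ASCII."""
    name = safe_filename(name)
    ascii_name = name.encode("ascii", "ignore").decode() or "download.html"
    value = f'attachment; filename="{ascii_name}"'
    if ascii_name != name:
        value += f"; filename*=UTF-8''{quote(name, safe='')}"
    return value


def download_headers(filename: str, body: bytes) -> dict:
    """Headers for the email-export response. Content-Disposition triggers
    the download; the other headers limit the damage if the bytes are ever
    rendered anyway (a client that ignores the header, a later code change,
    or a proxy that strips it)."""
    return {
        # A generic type: browsers download octet-stream rather than render it.
        "Content-Type": "application/octet-stream",
        "Content-Disposition": content_disposition(filename),
        # Forbid MIME sniffing that could reinterpret the body as text/html.
        "X-Content-Type-Options": "nosniff",
        # If the document is rendered regardless, CSP sandbox gives it an
        # opaque origin and no script execution, so it cannot touch the site.
        "Content-Security-Policy": "sandbox",
        "Content-Length": str(len(body)),
        "Cache-Control": "private, no-store",
    }
```

Serving the export from a separate origin (a dedicated download hostname) is the remaining control that does not depend on any single header being honoured.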