Server : Apache System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 User : pragmatice ( 1003) PHP Version : 8.2.24 Disable Function : NONE Directory :  /home/etherpad/src/node_modules/ienoopen/

Upload File : current_dir [ Writeable ] document_root [ Writeable ]

Internet Explorer, restrict untrusted HTML
==========================================
[![Build Status](https://travis-ci.org/helmetjs/ienoopen.svg?branch=master)](https://travis-ci.org/helmetjs/ienoopen)

This middleware sets the `X-Download-Options` header to `noopen` to prevent Internet Explorer users from executing downloads in your site's context.

```javascript
const ienoopen = require('ienoopen')
app.use(ienoopen())
```

Some web applications will serve untrusted HTML for download. By default, some versions of IE will allow you to open those HTML files *in the context of your site*, which means that an untrusted HTML page could start doing bad things in the context of your pages. For more, see [this MSDN blog post](http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx).

This is pretty obscure, fixing a small bug on IE only. No real drawbacks other than performance/bandwidth of setting the headers, though.