When I tested file download functionality on a file named test.svg, in IE8 - 8.0.6001.19489 version I could see the file is getting opened in the context of web application . But When I tested the same file(test.svg) in IE8 - 8.0.7601.17514 version it is opening from a temp files location.This difference in behavior will create security issues.
We are using following header parameters:
Content-Disattachment
Content-Type: application/octet-stream
we want to disable open for all content types that IE might try to open inline(especially forfor ‘IE8 or earlier’ versions)
Hence please let me know the file types that IE might try to open inline (in the context of web application).