Comment 195 for bug 25830

Content-disposition is described in http://www.faqs.org/rfcs/rfc2183. It is also mentioned in the "Security considerations" section of the HTTP spec (http://www.faqs.org/rfcs/rfc2616), although it's not clear what security considerations it's talking about.

Btw, I'm not sure I agree with the way you equate "non-standard" with "wrong".