-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mime/multipart: encode non-US-ASCII characters in Content-Disposition #33801
Comments
@pascaldekloe, what is the rationale for / impact of the proposed change? Is this a feature request to support non-ASCII value for those names, or a bugfix for names that RFC requires the library is required to support? Either way, why is there no corresponding documentation change in the CL? (Presumably the change widens the set of acceptable names, so the doc comment should probably mention which names are acceptable either way.) |
Not sure what to say here. I was surprised by the sloppy escape and fixed it. No more HTTP violation with UTF-8 or control characters in the header. |
Change https://golang.org/cl/189858 mentions this issue: |
Hmm... It seems to be a duplicate CL from me |
Timed out in state WaitingForInfo. Closing. (I am just a bot, though. Please speak up if this is a mistake or you have the requested information.) |
Gopherbot this hasn't timed out. |
Gopherbot, chill! |
The problem is that label @bcmills. |
Change https://golang.org/cl/190217 mentions this issue: |
I am coming here from CL https://go-review.googlesource.com/c/go/+/190217 where @pascaldekloe has submitted a change that makes *mime/multipart.Writer generate a "Content-Disposition" value after invoking mime.FormatMediaType instead of using a quote escaper.
In a comment https://go-review.googlesource.com/c/go/+/190217/1#message-b06f1016c7862f1d35ef7a12dc95fc4426a48178
@mattn asks
This issue is to have a discussion, but I'll also loop in some security folks @mikesamuel @empijei, to help evaluate or just beware of the update.
The text was updated successfully, but these errors were encountered: