-
-
Notifications
You must be signed in to change notification settings - Fork 16.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
send_file doesn't urlencode ':/' in unicode attachment_filename #3074
Comments
Hi @i-akhmadullin |
This was working in Chrome when I implemented this. If they're changing behavior, that's incorrect and needs to be reported to them. I don't think Flask can do anything about it because it still needs to send both for compatibility with other clients. |
This issue is about encoding colon and slash in attachment filename, not about filename/filename*. Flask uses Line 589 in a74864e
https://github.com/pallets/werkzeug/blob/master/werkzeug/urls.py#L518 |
Your description in "actual behavior" makes no mention of how ":/" relate to the issue, it just mentions "filename" and "filename*". Could you review and make sure the issue accurately represents what you're trying to describe? |
@davidism sorry for the confusion, should be clearer now |
Expected Behavior
When sending files with unicode filename (with
:
or/
) they should be downloaded with name fromfilename*
field.Actual Behavior
Some browsers (Chrome-based/Safari) ignore
filename*
field when it contains colon or slash. For example fileтест:тест_тест.py
gets downloaded in Chrome/Safari as__.py
but in Firefox asтест_тест_тест.py
which is acceptable in my opinion.Flask response:
Content-Disposition: attachment; filename*="UTF-8''%D1%82%D0%B5%D1%81%D1%82:%D1%82%D0%B5%D1%81%D1%82_%D1%82%D0%B5%D1%81%D1%82.py"; filename=":_.py"
Environment
The text was updated successfully, but these errors were encountered: