41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
From 1808bcdf3424eab0c659ef2d0e85579aab977a1a Mon Sep 17 00:00:00 2001
|
|
From: namusyaka <namusyaka@gmail.com>
|
|
Date: Wed, 23 Nov 2022 22:24:02 +0900
|
|
Subject: [PATCH] escape filename in the Content-Disposition header
|
|
|
|
According the multipart form data spec in WHATWG living standard.
|
|
Ref: https://html.spec.whatwg.org/#multipart-form-data
|
|
|
|
Origin:
|
|
https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
|
|
---
|
|
test/helpers_test.rb | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/test/helpers_test.rb b/test/helpers_test.rb
|
|
index 463a21d..7201aab 100644
|
|
--- a/test/helpers_test.rb
|
|
+++ b/test/helpers_test.rb
|
|
@@ -781,6 +781,18 @@ class HelpersTest < Minitest::Test
|
|
assert_equal '<sinatra></sinatra>', body
|
|
end
|
|
|
|
+ it 'escapes filename in the Content-Disposition header according to the multipart form data spec in WHATWG living standard' do
|
|
+ mock_app do
|
|
+ get('/attachment') do
|
|
+ attachment "test.xml\";\r\next=.txt"
|
|
+ response.write("<sinatra></sinatra>")
|
|
+ end
|
|
+ end
|
|
+
|
|
+ get '/attachment'
|
|
+ assert_equal 'attachment; filename="test.xml%22;%0D%0Aext=.txt"', response['Content-Disposition']
|
|
+ assert_equal '<sinatra></sinatra>', body
|
|
+ end
|
|
end
|
|
|
|
describe 'send_file' do
|
|
--
|
|
2.47.0
|
|
|