Sunday, January 3, 2010


I think there's a problem in how several web browsers fail to escape the filenames for Content-Disposition. I reported the problem and put a call out for people to verify the problem and either enlighten me or to submit bug reports to the relevant trackers.


Joshua Sierles said...

We found this to be true and it's a big problem. Filenames get truncated, or fail to parse and ruin an upload. Flash-based file upload also suffers from this problem. Since there is no deterministic way to parse these headers, browser vendors should agree on an escaping method here.

Andrew Dalke said...

Thanks for your feedback! After I posted that I tracked down the Firefox bug reports related to it. There are several in Bugzilla. 136676 and 185863 were made in 2002. WebKit's 22381 is similar, but elsewhere it looks like they say the problem is in Safari and not WebKit, and I can't see the Safari bugs.

Is there a better way to raise this issue?