You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
token := 1*<any (US-ASCII) CHAR except SPACE, CTLs,
or tspecials>
tspecials := "(" / ")" / "<" / ">" / "@" /
"," / ";" / ":" / "\" / <">
"/" / "[" / "]" / "?" / "="
; Must be in quoted-string,
; to use within parameter values
according to RFC2045 special characters are only allowed within quoted-strings. RFC2046 even warns about this:
The grammar for parameters on the Content-
type field is such that it is often necessary to enclose the boundary
parameter values in quotes on the Content-type line. This is not
always necessary, but never hurts.
Although it looks like there's not always quotes added in the multipart package:
// FormDataContentType returns the Content-Type for an HTTP
// multipart/form-data with this Writer's Boundary.
func (w *Writer) FormDataContentType() string {
return "multipart/form-data; boundary=" + w.boundary
}
So it might be that FormDataContentType returns invalid parameters according to RFC 2045? Might be worth re-opening (maybe another issue) and someone else have a look at this because I'm just a random person on the internet.
https://play.golang.org/p/tC-Ri26iiTo
Looking at RFC 2046, parentheses are valid boundary characters:
https://tools.ietf.org/html/rfc2046#section-5.1.1:
Indeed, the
SetBoundary
function in the multipart package checks the boundary is valid, and explicitly lets '(' and ')' pass through.If someone else double-checks my work and confirms this is a bug, I'm happy to fix it.
The text was updated successfully, but these errors were encountered: