mime: RFC 2045 vs 2616 confusion in FormatMediaType #43128
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
So ... this is like the definition of pedantic, but:
The list of characters that can't be in tokens in RFC 2045 [MIME] is (https://tools.ietf.org/html/rfc2045 section 5.1):
()<>@,;:\"/[]?=
as implemented in https://github.com/golang/go/blob/master/src/mime/grammar.go .
The list of characters that can't be in tokens in RFC 2616 [HTTP/1.1] is (https://tools.ietf.org/html/rfc2616 section 2.2):
()<>@,;:\"/[]?={}
Note the extra 2 characters. This impacts
mime.FormatMediaType
which is advertised as usable for either RFC in that it might try to stick a curly brace into a string which is otherwise considered a token.My particular use-case for this is
which is used as the value of the
Content-Disposition
header. So for exampleattachment; filename=foo
is valid, while
attachment; filename=foo{
is not -- that one would require quoting, at least per the spec. See sample code in https://play.golang.org/p/TbkEuMijPPb .
I have no idea if any web browsers care about this. I happened upon this when trying to figure out how filename characters need to be escaped properly before finding this function in the go standard library and then comparing it to the spec.
The text was updated successfully, but these errors were encountered: