mime: RFC 2045 vs 2616 confusion in FormatMediaType #43128
Comments
toothrot
added
the
NeedsInvestigation
|
Change https://golang.org/cl/300249 mentions this issue: |
|
I've made 28cbb62 which should fix this. |
|
So I've dug a bit deeper, and there is RFC 6266 (section 4.1), referring to RFC 5987 (section 3.2.1) which has been superseded and deprecated by RFC 8187 (section 3.2.1). |
So ... this is like the definition of pedantic, but:
The list of characters that can't be in tokens in RFC 2045 [MIME] is (https://tools.ietf.org/html/rfc2045 section 5.1):
()<>@,;:\"/[]?=as implemented in https://github.com/golang/go/blob/master/src/mime/grammar.go .
The list of characters that can't be in tokens in RFC 2616 [HTTP/1.1] is (https://tools.ietf.org/html/rfc2616 section 2.2):
()<>@,;:\"/[]?={}Note the extra 2 characters. This impacts
mime.FormatMediaTypewhich is advertised as usable for either RFC in that it might try to stick a curly brace into a string which is otherwise considered a token.My particular use-case for this is
which is used as the value of the
Content-Dispositionheader. So for exampleattachment; filename=foois valid, while
attachment; filename=foo{is not -- that one would require quoting, at least per the spec. See sample code in https://play.golang.org/p/TbkEuMijPPb .
I have no idea if any web browsers care about this. I happened upon this when trying to figure out how filename characters need to be escaped properly before finding this function in the go standard library and then comparing it to the spec.
The text was updated successfully, but these errors were encountered: