
Response filename not escaped in Content-Disposition Header

Open lambdaupb opened this issue 6 years ago • 1 comments

Related to #344 and #344

    public Response filenameHeader(String filename) {
        if (filename != null && !filename.isEmpty()) {
            header(HttpConstants.Header.CONTENT_DISPOSITION, "attachment; filename=\"" + filename + "\"");
        } else {
            header(HttpConstants.Header.CONTENT_DISPOSITION, "attachment; filename=\"\"");
        }

        return this;
    }

Does not escape the filename. For example, a " character inside it will break header parsing for the client.

See https://stackoverflow.com/questions/93551/how-to-encode-the-filename-parameter-of-content-disposition-header-in-http

Also FileItem does not un-escape the filename upon reading the Content-Disposition Header.

lambdaupb, Oct 08 '19 20:10

@lambdaupb Can you supply a PR with a solution to this problem? Thanks!

decebals, Nov 05 '19 00:11
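
One way to build the header value so that a `"` in the name no longer breaks parsing, as an added example that is not pippo's code and not a fix from this thread. The class name, method name and sample filenames are hypothetical; it backslash-escapes `"` and `\` in the quoted `filename` parameter and adds an RFC 5987 `filename*` parameter for non-ASCII names.

```java
import java.nio.charset.StandardCharsets;

// Added example: class and method names are hypothetical, not part of pippo.
public class ContentDispositionExample {

    // attr-char set from RFC 5987; every other byte is percent-encoded.
    private static final String ATTR_CHARS =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$&+-.^_`|~";

    static String attachment(String filename) {
        if (filename == null || filename.isEmpty()) {
            return "attachment; filename=\"\"";
        }
        // Drop ASCII control characters (CR and LF included); they are not
        // valid inside a header value.
        String clean = filename.replaceAll("\\p{Cntrl}", "");

        // Quoted-string fallback: ASCII only, with " and \ backslash-escaped.
        StringBuilder quoted = new StringBuilder();
        for (char c : clean.toCharArray()) {
            if (c == '"' || c == '\\') {
                quoted.append('\\').append(c);
            } else {
                quoted.append(c < 0x7F ? c : '_');
            }
        }

        // filename* carries the full name as percent-encoded UTF-8.
        StringBuilder extended = new StringBuilder();
        for (byte b : clean.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xFF;
            if (ATTR_CHARS.indexOf(v) >= 0) {
                extended.append((char) v);
            } else {
                extended.append(String.format("%%%02X", v));
            }
        }
        return "attachment; filename=\"" + quoted + "\"; filename*=UTF-8''" + extended;
    }

    public static void main(String[] args) {
        // Constructed sample names: embedded quotes, a backslash next to a
        // non-ASCII letter, and an embedded line break.
        String[] samples = { "report \"final\".pdf", "na\u00EFve\\file.txt", "line\r\nbreak.txt" };
        for (String s : samples) {
            System.out.println(attachment(s));
        }
    }
}
```

The reading side mentioned for FileItem would need the inverse step: strip the surrounding quotes and undo the backslash escapes before using the name.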