jonathanjouty
commented
5 years ago BTW I'm happy to provide a PR with fixes, later this week, hopefully tomorrow.
Closed jonathanjouty closed 4 years ago
jonathanjouty
commented
5 years ago BTW I'm happy to provide a PR with fixes, later this week, hopefully tomorrow.
alpmestan
commented
4 years ago Thanks Jonathan! And sorry for the delay.
Even though the RFC [1] states that some special characters are allowed, today I encountered an implementation (while writing a client) that results in HTTP 500 whenever the boundary includes a comma (
,).I wouldn't be surprised if more implementations have parsing bugs that can cause issues like this, and perhaps it is better to use only alpha-numeric values?
To add some legitimacy to this problem, even Chromium has had to work around this issue: https://github.com/chromium/chromium/blob/6efa1184771ace08f3e2162b0255c93526d1750d/net/base/mime_util.cc#L662-L670
[1] Pg. 21: https://tools.ietf.org/html/rfc2046#section-5.1.1