-
-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
\u2028 in filename kills header parsing #664
Comments
How did you manage to put that character in a filename ? |
@GrosSacASac, well - I didn't, but I noticed the character in some legitimate files uploaded by a client. I noticed them since I used this library to migrate a big number of files from a legacy system. This legacy system had saved the upload filenames, so I believe at least some clients (OS/browser combinations) might be able to produce such stuff. Unfortunately, I think they were uploaded about two years ago, so I didn't have detailed logs about e.g. user-agent. So, quite an edge case. |
At least on macos, one can create a file with this char in the name with e.g.:
Checking:
NB: |
I did some additional testing and decided it is not worth it to handle this case because
From my findings: You got Request aborted. because it threw an error somewhere. But \u2028 can be handled gracefully. I am going to update the examples a bit to better handle common errors. Code I used to manually test import "../patchNode/fetch.js";
import FormData from 'form-data';
var form = new FormData();
form.append('file', `Hello`, {
filename: String.raw`
.txt`, // put here \u2028 (github removes it)
contentType: 'text/plain',
});
form.append('my_field', 'my value');
fetch(`http://localhost:3000/api/upload`, {
method: `POST`,
body: form,
headers: form.getHeaders(),
}).then(response => {
if(!response.ok) {
throw response.statusText;
}
return response.text();
}).then(console.log).catch(console.error); and form.on("fileBegin",(formName, file) => {
if (file.name === null) {
file.name = "invalid-characters"
}
}) |
@tunnckoCore How to handle this lint error https://github.com/node-formidable/formidable/runs/1882614195 ? |
I think it was // eslint-disable-next-line no-param-reassign
file.name = 'dsadasd'; |
Support plan
Enterprise): community
Context
What are you trying to achieve or the steps to reproduce?
Some user-agents seem to allow sending filenames with the infamous
\u2028 LINE SEPARATOR
. It seems that the header parser dies withRequest aborted
on such filenames, since the character is parsed as a line feed. The value passed to_getFileName
is cut at the\u2028
.I tried to modify
test/fixture/js/special-chars-in-filename.js
and*.http
files to add a test but ran out of time. To test, try copy-pasting a literal\u2028
(not the string but the actual character) to one of the*.http
files.What was the result you got?
The header parser dies with
Request aborted
.What result did you expect?
The filename is reported even if it contains
\u2028
.The text was updated successfully, but these errors were encountered: