Sergey Schetinin <ser...@maluke.com> added the comment: I've dug into the RFCs and tested various browsers.
RFC 2388 (the one defining multipart/form-data) says: Field names originally in non-ASCII character sets may be encoded within the value of the "name" parameter using the standard method described in RFC 2047. RFC 2047 in turn defines the coding sometimes seen in email headers ("=?iso-8859-1?q?this is some text?="). That means that this report is invalid. And I was misled by the bug that belongs to Google Chrome (which is the browser I was doing initial testing with). I tested this with the following html form: <form action="handle" method="POST" enctype="multipart/form-data"> <button name='"%22' type="submit" value="">Test</button> </form> Here are the headers submitted by various browsers: IE 8: Content-Disposition: form-data; name=""%22" Firefox 4.0b11: Content-Disposition: form-data; name="\"%22" Chrome 9: Content-Disposition: form-data; name="%22%22" And the Chrome one is the one clearly invalid. cgi still does no decoding of parameters as per RFC 2047, but browsers do not use that encoding for non-ASCII field names anyway (they just put the field names in UTF-8), so that might be unnecessary. Please close this bug at your own judgement. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11269> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com