Sergey Schetinin <ser...@maluke.com> added the comment:
I've dug into the RFCs and tested various browsers.
RFC 2388 (the one defining multipart/form-data) says:
Field names originally in non-ASCII character sets may be encoded
within the value of the "name" parameter using the standard method
described in RFC 2047.
RFC 2047 in turn defines the coding sometimes seen in email headers
("=?iso-8859-1?q?this is some text?=").
That means that this report is invalid. And I was misled by the bug that
belongs to Google Chrome (which is the browser I was doing initial testing
with).
I tested this with the following html form:
<form action="handle" method="POST" enctype="multipart/form-data">
<button name='"%22' type="submit" value="">Test</button>
</form>
Here are the headers submitted by various browsers:
IE 8:
Content-Disposition: form-data; name=""%22"
Firefox 4.0b11:
Content-Disposition: form-data; name="\"%22"
Chrome 9:
Content-Disposition: form-data; name="%22%22"
And the Chrome one is the one clearly invalid.
cgi still does no decoding of parameters as per RFC 2047, but browsers do not
use that encoding for non-ASCII field names anyway (they just put the field
names in UTF-8), so that might be unnecessary.
Please close this bug at your own judgement.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue11269>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
