intertwingly

Yesterday, I collaborated with Joshua Peek on improving the parsing of the Content-Disposition header in Rack.  Content-Disposition is used on file upload scenarios.

The previous state was that rack used a simplistic regular expression that didn’t match either the RFC or what browsers actually sent.  What the new code does is first try to strictly follow RFC 2183.  When that fails, it tries to follow what browsers actually do.  And in this case, what browsers actually do is slap quotes around the file name, independent of whether the file name contains backslashes or quotes.  A notable exception to this is recent versions of Chrome.