mirror of
https://github.com/django/django.git
synced 2025-08-03 02:23:12 +00:00
8914b571eb
To use the simple `filename="..."` form, the value must conform to the
official grammar from RFC6266[^1]:
filename-parm = "filename" "=" value
value = <value, defined in [RFC2616], Section 3.6>
; token | quoted-string
The `quoted-string` definition comes from RFC 9110[^2]:
```
quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text
The backslash octet ("\") can be used as a single-octet quoting
mechanism within quoted-string and comment constructs. Recipients that
process the value of a quoted-string MUST handle a quoted-pair as if
it were replaced by the octet following the backslash.
quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
A sender SHOULD NOT generate a quoted-pair in a quoted-string except
where necessary to quote DQUOTE and backslash octets occurring within
that string.
```
That is, quoted strings are able to express horizontal tabs, space
characters, and everything in the range from 0x21 to 0x7e, expect for
0x22 (`"`) and 0x5C (`\`), which can still be expressed but must be
escaped with their own `\`.
We ignore the case of `obs-text`, which is defined as the range
0x80-0xFF, since its presence is there for permissive parsing of
accidental high-bit characters, and it should not be generated by
conforming implementations.
Transform this character range into a regex and apply it in addition
to the "is ASCII" check. This ensures that all simple filenames are
expressed in the simple format, and that all filenames with newlines
and other control characters are properly expressed with the
percent-encoded `filename*=...`form.
[^1]: https://datatracker.ietf.org/doc/html/rfc6266#section-4.1
[^2]: https://datatracker.ietf.org/doc/html/rfc9110#name-quoted-strings
|
||
|---|---|---|
| .. | ||
| archives | ||
| eggs | ||
| files | ||
| test_module | ||
| traversal_archives | ||
| __init__.py | ||
| deconstructible_classes.py | ||
| models.py | ||
| test_archive.py | ||
| test_autoreload.py | ||
| test_choices.py | ||
| test_connection.py | ||
| test_crypto.py | ||
| test_datastructures.py | ||
| test_dateformat.py | ||
| test_dateparse.py | ||
| test_deconstruct.py | ||
| test_decorators.py | ||
| test_duration.py | ||
| test_encoding.py | ||
| test_feedgenerator.py | ||
| test_functional.py | ||
| test_hashable.py | ||
| test_html.py | ||
| test_http.py | ||
| test_inspect.py | ||
| test_ipv6.py | ||
| test_itercompat.py | ||
| test_lazyobject.py | ||
| test_lorem_ipsum.py | ||
| test_module_loading.py | ||
| test_no_submodule.py | ||
| test_numberformat.py | ||
| test_os_utils.py | ||
| test_regex_helper.py | ||
| test_safestring.py | ||
| test_simplelazyobject.py | ||
| test_termcolors.py | ||
| test_text.py | ||
| test_timesince.py | ||
| test_timezone.py | ||
| test_tree.py | ||
| utils.py | ||