diff options
| author | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2017-03-13 22:09:22 -0400 |
|---|---|---|
| committer | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2017-03-13 22:11:13 -0400 |
| commit | 3c09de63bc13f224fe98dce2e402050d4006b9cb (patch) | |
| tree | fed21f2f7a81291072f19218519650ca042fa444 | |
| parent | e3fc312c8e31b4c99e3ecbdcbb890ffc2dc51f05 (diff) | |
| download | patchfoo-3c09de63bc13f224fe98dce2e402050d4006b9cb.tar.gz patchfoo-3c09de63bc13f224fe98dce2e402050d4006b9cb.zip | |
encode filename better
| -rw-r--r-- | lib/serve.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/serve.js b/lib/serve.js index a33dd71..89f7f09 100644 --- a/lib/serve.js +++ b/lib/serve.js @@ -44,6 +44,10 @@ function ctype(name) { } } +function encodeDispositionFilename(fname) { + return '"' + fname.replace(/\/g/, '\\\\').replace(/"/, '\\\"') + '"' +} + function Serve(app, req, res) { this.app = app this.req = req @@ -507,7 +511,7 @@ Serve.prototype.blob = function (id) { type = type && mime.lookup(type) if (type) self.res.setHeader('Content-Type', type) if (self.query.name) self.res.setHeader('Content-Disposition', - 'inline; filename='+encodeURIComponent(self.query.name)) + 'attachment; filename='+encodeDispositionFilename(self.query.name)) self.res.setHeader('Cache-Control', 'public, max-age=315360000') self.res.setHeader('etag', id) self.res.writeHead(200) |