[Esd-l] Sanitizer somehow left a .doc extension on a document

Brett Glass brett at lariat.org
Wed Oct 3 19:13:02 PDT 2001

Just received a message in which the defanging done by John's
"sanitizer" seems to have malfunctioned. The "defanging"
wound up in the middle of the file name rather than at the 
end, leaving an attachment with a clickable .doc extension.
The MIME headers came through like this:

Content-type: multipart/mixed;
X-UIDL: ba1601f780df7de19b28f46aef36318a

  Content-type: application/msword; name="default.txt";
Content-Disposition: attach; filename="cgiperl_C_XMLresume.6373DEFANGED-doc"

and the attachment came through with the file name




More information about the esd-l mailing list