[Esd-l] Sanitizer somehow left a .doc extension on a document
brett at lariat.org
Wed Oct 3 19:13:02 PDT 2001
Just received a message in which the defanging done by John's
"sanitizer" seems to have malfunctioned. The "defanging"
wound up in the middle of the file name rather than at the
end, leaving an attachment with a clickable .doc extension.
The MIME headers came through like this:
Content-type: application/msword; name="default.txt";
Content-Disposition: attach; filename="cgiperl_C_XMLresume.6373DEFANGED-doc"
and the attachment came through with the file name
More information about the esd-l