Escape slash in filename header

2026-06-26 09:49:26 +08:00 · 2026-06-05 02:38:43 +05:30 · 2026-06-05 02:38:43 +05:30 · 11ee21567b
commit 11ee21567b
parent 4c8739419b
2 changed files with 8 additions and 1 deletions
--- a/tests-unit/prompt_server_test/view_image_header_test.py
+++ b/tests-unit/prompt_server_test/view_image_header_test.py
@ -29,3 +29,10 @@ def test_view_content_disposition_adds_utf8_filename_parameter():

    assert 'filename="caf_.png"' in header
    assert "filename*=UTF-8''caf%C3%A9.png" in header
+
+
+def test_view_content_disposition_escapes_path_separators():
+    header = content_disposition_header("nested/image.png", "inline")
+
+    assert 'filename="nested/image.png"' in header
+    assert "filename*=UTF-8''nested%2Fimage.png" in header
--- a/utils/http_headers.py
+++ b/utils/http_headers.py
@ -14,7 +14,7 @@ def content_disposition_header(filename: str, disposition: str) -> str:
    safe_filename = _CONTROL_CHARS_RE.sub("_", filename or "")
    safe_filename = _QUOTED_FILENAME_UNSAFE_RE.sub("_", safe_filename)
    fallback_filename = _NON_ASCII_RE.sub("_", safe_filename)
-    encoded_filename = urllib.parse.quote(safe_filename)
+    encoded_filename = urllib.parse.quote(safe_filename, safe="")
    return (
        f'{disposition}; filename="{fallback_filename}"; '
        f"filename*=UTF-8''{encoded_filename}"