Let's take the following example of multipart/form-data taken from w3.com (http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2):

    Content-Type: multipart/form-data; boundary=AaB03x

    --AaB03x
    Content-Disposition: form-data; name="submit-name"

    Larry
    --AaB03x
    Content-Disposition: form-data; name="files"; filename="file1.txt"
    Content-Type: text/plain

    ... contents of file1.txt ...
    --AaB03x--

It's pretty straightforward, but let's say you are writing code that implements this and creates such a request from scratch. Let's assume file1.txt is created by a user, and we have no control over its contents.

What if the text file file1.txt contains the string --AaB03x? You likely generated the boundary AaB03x randomly, but let's assume a "million monkeys entering a million web forms" (http://en.wikipedia.org/wiki/Infinite_monkey_theorem) scenario.

Is there a standard way of dealing with this improbable but still possible situation?

Should the text/plain (or even, potentially, something like image/jpeg or application/octet-stream) be "encoded" or some of the information within "escaped" in some sort of way?

Or should the developer always search the contents of the file for the boundary, and then repeatedly keep picking a new randomly generated boundary until the chosen string cannot be found within the file?
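
The collision described in the question, and the search-and-regenerate option from its last paragraph, as an added example that is not part of the original post. The function names, the 32-character hex boundary and the contents given to file1.txt are assumptions constructed for this illustration.

```python
import secrets

CRLF = b"\r\n"

def collides(boundary, bodies):
    """True if the delimiter "--<boundary>" occurs anywhere in a part body.
    Stricter than needed (delimiters only count at line start) but simple."""
    delim = b"--" + boundary.encode("ascii")
    return any(delim in body for body in bodies)

def pick_boundary(bodies):
    """Draw random boundaries until one is absent from every body."""
    while True:
        boundary = secrets.token_hex(16)  # 128 random bits, 32 hex chars
        if not collides(boundary, bodies):
            return boundary

def build_multipart(parts, boundary=None, check=True):
    """parts: list of (headers dict, body bytes) -> (Content-Type value, payload)."""
    bodies = [body for _, body in parts]
    if boundary is None:
        boundary = pick_boundary(bodies)
    elif check and collides(boundary, bodies):
        raise ValueError("boundary occurs inside a part body")
    delim = b"--" + boundary.encode("ascii")
    out = []
    for headers, body in parts:
        out.append(delim + CRLF)
        out += [f"{k}: {v}".encode("ascii") + CRLF for k, v in headers.items()]
        out.append(CRLF + body + CRLF)
    out.append(delim + b"--" + CRLF)
    return f"multipart/form-data; boundary={boundary}", b"".join(out)

def count_parts(payload, boundary):
    """Receiver's view: parts seen when the payload is split on the delimiter."""
    chunks = payload.split(b"--" + boundary.encode("ascii"))[1:]  # drop preamble
    return sum(1 for chunk in chunks if not chunk.startswith(b"--"))

# Constructed sample: the form above, with file1.txt containing the boundary line.
PARTS = [
    ({"Content-Disposition": 'form-data; name="submit-name"'}, b"Larry"),
    ({"Content-Disposition": 'form-data; name="files"; filename="file1.txt"',
      "Content-Type": "text/plain"}, b"line one\r\n--AaB03x\r\nline two"),
]
```

With the fixed boundary AaB03x and the check disabled, the two-part form is seen as three parts by a receiver; with a checked or freshly drawn boundary it stays at two and the file contents pass through unchanged.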