You Are My Sofa

Friday, March 05, 2010

Multipart POST: Form variable encoding

Don't use quotation marks in your form variable names.

The input:
<input type=hidden name='the"hidden"value<>' value="2!!!%eeeeee">

Gives the output:
Firefox 3.5.6:
Content-Disposition: form-data; name="the"hidden"value<>"

Opera 10.50 alpha 1:
Content-Disposition: form-data; name="the\"hidden\"value<>"

Chrome 4.0.249.43:
Content-Disposition: form-data; name="the%22hidden%22value<>"

Labels:

posted by Mike Burke at 4:54 PM

0 Comments:

Post a Comment

<< Home