fix: prevent modification of invalid Content-Disposition header to avoid potential parsing errors. #42026
+26
−6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of Change
Introduce validation for the Content-Disposition header to ensure it's parsed correctly before using the extracted filename. This will improve code robustness and prevent potential issues.
Checklist
npm test
passes - unable to run it -Release Notes
Notes: Prevent modification of invalid Content-Disposition header to avoid potential parsing errors.
Additional info
I was unable to run the tests:
Triggering runners: main
OUT_DIR is: Release
yarn install v1.15.2
warning package.json: No license field
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
warning electron-test-main@0.1.0: No license field
[1/4] Resolving packages...
warning Resolution field "xml2js@0.5.0" is incompatible with requested version "xml2js@^0.4.17"
warning Resolution field "minimist@1.2.7" is incompatible with requested version "minimist@~0.0.1"
[2/4] Fetching packages...
error https://registry.yarnpkg.com/@nut-tree/libnut-win32/-/libnut-win32-2.5.2.tgz: Request failed "404 Not Found"
error https://registry.yarnpkg.com/@nut-tree/libnut/-/libnut-2.5.2.tgz: Request failed "404 Not Found"
error https://registry.yarnpkg.com/@nut-tree/nut-js/-/nut-js-3.1.2.tgz: Request failed "404 Not Found"
error https://registry.yarnpkg.com/@nut-tree/libnut-darwin/-/libnut-darwin-2.5.2.tgz: Request failed "404 Not Found"
error https://registry.yarnpkg.com/@nut-tree/libnut-linux/-/libnut-linux-2.5.2.tgz: Request failed "404 Not Found"
error https://registry.yarnpkg.com/@nut-tree/node-mac-permissions/-/node-mac-permissions-2.2.1.tgz: Request failed "404 Not Found"
info abstract-socket@2.1.1: The platform "win32" is incompatible with this module.
info "abstract-socket@2.1.1" is an optional dependency and failed compatibility check. Excluding it from installation.
info fsevents@2.3.2: The platform "win32" is incompatible with this module.
info "fsevents@2.3.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
error An unexpected error occurred: "ENOENT: no such file or directory, open 'C:\Users\user\AppData\Local\Yarn\Cache\v4\npm-@nut-tree-libnut-2.5.2-0e410c108bee31c57ca5923e409762ff223d70de\node_modules\@nut-tree\libnut\.yarn-metadata.json'".
info If you think this is a bug, please open a bug report with the information provided in "C:\src\electron\spec\yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.