MCPcopy Create free account
hub / github.com/form-data/form-data / escapeHeaderParam

Function escapeHeaderParam

lib/form_data.js:26–28  ·  view source on GitHub ↗

* Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field * name or filename can not break out of its header line to inject headers or * smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding. * * @param {string} str - the parameter value to escape

(str)

Source from the content-addressed store, hash-verified

24 * @returns {string} the escaped value
25 */
26function escapeHeaderParam(str) {
27 return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
28}
29
30/**
31 * Create readable "multipart/form-data" streams.

Callers 1

form_data.jsFile · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…