* Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field * name or filename can not break out of its header line to inject headers or * smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding. * * @param {string} str - the parameter value to escape
(str)
| 24 | * @returns {string} the escaped value |
| 25 | */ |
| 26 | function escapeHeaderParam(str) { |
| 27 | return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22'); |
| 28 | } |
| 29 | |
| 30 | /** |
| 31 | * Create readable "multipart/form-data" streams. |
no outgoing calls
no test coverage detected
searching dependent graphs…