<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK] Downloads attributes tests are failing"
   href="https://bugs.webkit.org/show_bug.cgi?id=168871#c5">Comment # 5</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK] Downloads attributes tests are failing"
   href="https://bugs.webkit.org/show_bug.cgi?id=168871">bug 168871</a>
              from <span class="vcard"><a class="email" href="mailto:cdumez&#64;apple.com" title="Chris Dumez &lt;cdumez&#64;apple.com&gt;"> <span class="fn">Chris Dumez</span></a>
</span></b>
        <pre>Comment on <span class=""><a href="attachment.cgi?id=302784&amp;action=diff" name="attach_302784" title="Patch">attachment 302784</a> <a href="attachment.cgi?id=302784&amp;action=edit" title="Patch">[details]</a></span>
Patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=302784&amp;action=review">https://bugs.webkit.org/attachment.cgi?id=302784&amp;action=review</a>

<span class="quote">&gt; LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt:2
&gt; +Downloading URL with suggested filename &quot;test2\abe.png&quot;</span >
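
Review bot: the expectation added on line 2 records the suggested filename as &quot;test2\abe.png&quot; with the backslash intact, which makes unsanitized output the baseline for a test named includes-slashes. The suggested filename in this HTMLAnchorElement download test is chosen by the page, so either strip the backslash before it reaches the download destination code, or state in the ChangeLog why keeping it is acceptable for this port.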

Seems unfortunate that backslash is not sanitized but I guess you guys do not have to worry about Windows?

<span class="quote">&gt;&gt; Source/WebCore/ChangeLog:9
&gt;&gt; +        filenameFromHTTPContentDisposition().
&gt; 
&gt; What is buggy about it? Shouldn't we fix that bug, especially if it's affecting all ports? It sounds like it requires adding a FIXME at least?
&gt; 
&gt; I'd rather use libsoup to get the filename *inside* the implementation of filenameFromHTTPContentDisposition if need be. Avoiding use of filenameFromHTTPContentDisposition feels like a workaround.</span >

Is it buggy or does it just not sanitize? For what it is worth, on mac and iOS, we also let CFNetwork deal with this. CFNetwork takes care of sanitizing for us and it has the benefit of being consistent between the 2 code paths: regular content disposition header &amp; download attribute.

<span class="quote">&gt; Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp:99
&gt; +    SoupMessageHeaders* soupHeaders = soup_message_headers_new(SOUP_MESSAGE_HEADERS_RESPONSE);</span >
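
Review bot: on line 99 the result of soup_message_headers_new() is stored in a raw SoupMessageHeaders*, and the quoted hunk shows no matching soup_message_headers_free(). Make sure every return path frees it, or hold it in an owning smart pointer so the temporary headers cannot leak.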

Not familiar with the GTK code base but why do you need to create your own soup headers? Can't you just get the ones of the underlying soup response?</pre>
        </div>
      </p>
    </body>
</html>