On Mon, May 18, 2026 at 01:25:38PM +0200, Vincent Lefevre wrote:
Unprintable characters are already converted to '?' in the prompt, so that they will not appear in the filenames of saved attachments.Or can filenames with unprintable characters silently be created? In such a case, this could yield security issues, because some tools print such filenames directly to the terminal, thus potentially with harmful escape sequences.
I don't believe they can. In a quick scan of the content-disposition parser, I see it filtering unprintables in the code paths.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
