top | item 46714908

(no title)

nick238 | 1 month ago

Didn't know this. It kind reminds me of MIME multipart messages (used in email attachments, MMS, etc.) where the header includes a "boundary" tag which the parser will look for to terminate the part. It feels strange, like it could be some injection risk where if the file knew what the boundary was going to be, it could desync the bounds and turn one malicious, inactive file into one or more bad files.

discuss

manwe150|1 month ago

I believe the spec intends that a decent mail handler is required to scan the text and make sure the delimiter is not present or pick a different one. Or use a different encoding (eg base64) to prevent conflicts if you want streaming ability. Although bugs of course could break the best of intentions