As of Firefox 81 I intend to update our parsing of Content-Disposition
headers so that spaces/tabs in unquoted values are treated as part of
the value (rather than as a separator, cutting off the value).
This is what Blink and Webkit already do.
Bug for this change: https://bugzilla.mozilla.org/show_bug.cgi?id=1440677
More context: the HTTP RFC spec for Content-Disposition (RFC6266) does
not allow parameter values to contain spaces unless the entire value is
quoted. However, a significant number of web services do not follow the
spec, and so we get a steady flow of bugreports that Firefox cuts off
the server-suggested `Some File.txt` filename into `Some`, while it
"just works" in other browsers.
This change will align our behaviour with what Blink and Webkit do. Anne
has filed https://github.com/httpwg/http-extensions/issues/1252
discuss what, if any, change we should make in the relevant
specification. Broadly, it seems developers working on browsers agree
that a header with such whitespace use is not valid given the spec, the
question is how to deal with that invalidity. Either way, necko's
pre-patch behaviour to cut off at whitespace is not likely to be
followed by other user agents given the consequences for users. In the
meantime, we felt we should at least remove the user-felt impact.