Download button sanitizes file name?

I noticed that when I pass a filename to st.download_button, it actually sanitizes the file name so that it can be saved to my computer, e.g. colons become underscores. This is a great feature, but I didnโ€™t expect it so I already wrote my own sanitization function. Should this feature be mentioned in the documentation?

2 Likes

Hey @kevinlinxc,

Thanks for flagging this! Feel free to create a docs request here

We do some processing when file_name parameter for st.download_button is not provided, and we generate it from the page title.

When file_name parameter for st.download_button is explicitly provided, we donโ€™t do any sanitization for that.
But please note that according to HTTP specification RFC 6266

Recipients SHOULD strip or replace character sequences that are known to cause confusion both in user interfaces and in filenames, such as control characters and leading and trailing whitespace.

Other aspects recipients need to be aware of are names that have a special meaning in the file system or in shell commands, such as โ€œ.โ€ and โ€œโ€ฆโ€, โ€œ~โ€, โ€œ|โ€, and also device names. Recipients SHOULD ignore or substitute names like these.

So recipients (in our case browsers) sanitize it themselves based on their own rules (maybe dependent on OS, e.t.c.)

For example in MacOS chrome replace one:two:three to one_two_three, and Firefox replaces it with one two three
In general, our recommendation is not to use special characters in filenames when you set the file name parameter.

3 Likes

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.