diff --git a/lib/incoming_form.js b/lib/incoming_form.js
index b4234456..e3c8019a 100644
--- a/lib/incoming_form.js
+++ b/lib/incoming_form.js
@@ -352,10 +352,11 @@ IncomingForm.prototype._initMultipart = function(boundary) {
 headerField = headerField.toLowerCase();
 part.headers[headerField] = headerValue;
- var m = headerValue.match(/\bname="([^"]+)"/i);
+ // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+ var m = headerValue.match(/\bname=("([^"]*)"|([^\(\)<>@,;:\\"\/\[\]\?=\{\}\s\t/]+))/i);
 if (headerField == 'content-disposition') {
 if (m) {
- part.name = m[1];
+ part.name = m[2] || m[3] || '';
 }
 part.filename = self._fileName(headerValue);
@@ -421,10 +422,12 @@ IncomingForm.prototype._initMultipart = function(boundary) {
 };
 IncomingForm.prototype._fileName = function(headerValue) {
- var m = headerValue.match(/\bfilename="(.*?)"($|; )/i);
+ // matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+ var m = headerValue.match(/\bfilename=("(.*?)"|([^\(\)<>@,;:\\"\/\[\]\?=\{\}\s\t/]+))($|;\s)/i);
 if (!m) return;
- var filename = m[1].substr(m[1].lastIndexOf('\\') + 1);
+ var match = m[2] || m[3] || '';
+ var filename = match.substr(match.lastIndexOf('\\') + 1);
 filename = filename.replace(/%22/g, '"');
 filename = filename.replace(/&#([\d]{4});/g, function(m, code) {
 return String.fromCharCode(code);
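Review bot: The `name` match is not tied to a parameter boundary, and with the new token alternative a `name=` sequence sitting inside another parameter's quoted value (the filename, for instance) can be picked up as the field name, because the token branch no longer needs an opening quote after `=`. Anchoring the pattern to the start of a parameter, e.g. `(?:^|;)\s*name=` in place of `\bname=`, narrows that, though only a real parameter tokenizer removes it; a test with `name` listed after a quoted `filename` would pin the behaviour. `part.name` is also now set to `''` for `name=""`, where the old `[^"]+` left it unset, so confirm the field handlers cope with an empty key. The token class is repeated in the `_fileName` hunk and lists `\t` and a bare `/` that `\s` and `\/` already cover; a shared constant would keep the two in step. The enclosing callback in `_initMultipart` starts and ends outside this hunk.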
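Review bot: `match.substr(match.lastIndexOf('\\') + 1)` strips only backslash-separated directories, so the two branches of the new pattern give different guarantees: an unquoted token can never contain `/` or `\`, while a quoted value keeps any forward-slash path it was sent with. Either cut at the last of both separators, `match.substr(Math.max(match.lastIndexOf('\\'), match.lastIndexOf('/')) + 1)`, or add a comment on `_fileName` stating that the result is client-supplied and must not be joined into a filesystem path. Separately, the `($|;\s)` terminator means a token filename followed by `;` with no whitespace does not match at all and `_fileName` returns undefined; how the caller treats an undefined filename is outside this hunk, but a test for that header shape would be worthwhile. `_fileName` continues past the end of the hunk.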