- From: Dan Winship <dan.winship@gmail.com>
- Date: Fri, 20 Apr 2007 11:12:21 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Julian Reschke wrote:
> (see <http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31>)
I think quoted-pair is broken too. Merging your fix into RFC2616 gives:
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext = <any TEXT excluding '"' and '\'>
quoted-pair = "\" CHAR
CHAR = <any US-ASCII character (octets 0 - 127)>
but that means you can do this:
HTTP/1.1 200 OK
Warning: "Don't misparse \
this: it's really a single header!"
(if the receiving implementation follows the recommendations in 19.3 you
need to escape the LF instead of the CR, but it's otherwise the same.)
RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL.
We should probably make the same change.
-- Dan
Received on Friday, 20 April 2007 15:12:31 UTC