NEW ISSUE: WS in quoted-pair, was: ISSUE 31: qdtext BNF

Dan Winship wrote:
> Julian Reschke wrote:
>> (see <http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31>)
> 
> I think quoted-pair is broken too. Merging your fix into RFC2616 gives:
> 
>        quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
>        qdtext         = <any TEXT excluding '"' and '\'>
>        quoted-pair    = "\" CHAR
>        CHAR           = <any US-ASCII character (octets 0 - 127)>
> 
> but that means you can do this:
> 
>        HTTP/1.1 200 OK
>        Warning: "Don't misparse \
>        this: it's really a single header!"
> 
> (if the receiving implementation follows the recommendations in 19.3 you
> need to escape the LF instead of the CR, but it's otherwise the same.)
> 
> RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL.
> We should probably make the same change.

Dan,

good catch, you're probably right. I guess this deserves it's own issue...

Best regards, Julian

Received on Friday, 20 April 2007 15:27:58 UTC