W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: Escaping control characters in HTTP Digest (RFC 2617) (was: Escaping <\> in HTTP Digest (RFC 2617))

From: Robert Sayre <sayrer@gmail.com>
Date: Thu, 24 May 2007 12:57:35 -0400
Message-ID: <68fba5c50705240957u2696c054n5d4c082f40304e2@mail.gmail.com>
To: "Eric Lawrence" <ericlaw@exchange.microsoft.com>
Cc: "Alexey Melnikov" <alexey.melnikov@isode.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org> 

On 3/23/07, Eric Lawrence <ericlaw@exchange.microsoft.com> wrote:
>
> IE7 uses WDigest.dll, which escapes the \ into \\.
> IE6 and previous versions relied on Digest.dll, which did not escape the \.

What about control characters? Is there any reason to allow them,
escaped or not? I'm actually having problems with malicious
XMLHttpRequest scripts doing this.

-- 

Robert Sayre
Received on Thursday, 24 May 2007 16:57:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:09 GMT