W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: ISSUE 31: qdtext BNF

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 12 Jun 2007 22:40:00 +1000
Message-Id: <6040482E-4923-4D49-A064-BBAB1EB40A36@mnot.net>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
To: Dan Winship <dan.winship@gmail.com>

http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i64

On 21/04/2007, at 1:12 AM, Dan Winship wrote:

>
> Julian Reschke wrote:
>> (see <http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31>)
>
> I think quoted-pair is broken too. Merging your fix into RFC2616  
> gives:
>
>        quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
>        qdtext         = <any TEXT excluding '"' and '\'>
>        quoted-pair    = "\" CHAR
>        CHAR           = <any US-ASCII character (octets 0 - 127)>
>
> but that means you can do this:
>
>        HTTP/1.1 200 OK
>        Warning: "Don't misparse \
>        this: it's really a single header!"
>
> (if the receiving implementation follows the recommendations in  
> 19.3 you
> need to escape the LF instead of the CR, but it's otherwise the same.)
>
> RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and  
> NUL.
> We should probably make the same change.
>
> -- Dan
>


--
Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 12 June 2007 12:40:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:10 GMT