- From: Geoffrey Sneddon <foolistbar@googlemail.com>
- Date: Mon, 29 Oct 2007 18:37:04 +0000
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
On 29 Oct 2007, at 02:06, Henrik Nordstrom wrote: > To compare two quoted-string elements you need to dequote them > including > removing escapes, but in practice it doesn't matter much as people are > not usually escaping things within quoted-string unless needed (but > sometimes forget when needed, partly due to poor specifications, > already > fixed). > > This is quite notable in for example Digest authentication where > proper > handling of quoted-string is required for the hashes to compute > properly > as they are based on the value as such and not the quoted-string > representation. (i.e a login name with " or \ in it..) > > It's in theory also needed for ETag processing, but it's less > noticeable > as impacts on the protocol of getting this wrong is pretty minimal. Can we put something like the above quotation into the spec, so it is actually spelt out somewhere (as it currently isn't, at all)? All the best, Geoffrey Sneddon.
Received on Monday, 29 October 2007 18:37:28 UTC