#173: CR and LF in chunk extension values

This was discussed in Stockholm, and there was agreement in the room  
that the proper way to address this is to disallow CR and LF in *any*  
quoted-string.

Comments?


On 25/06/2009, at 3:53 PM, Mark Nottingham wrote:

> Now #173:
>  http://trac.tools.ietf.org/wg/httpbis/trac/ticket/173
>
> We probably need to have a more general discussion of chunk- 
> extensions as well...
>
>
> On 18/06/2009, at 4:07 AM, Bjoern Hoehrmann wrote:
>
>> Hi,
>>
>> A chunk extension value is defined as either token or quoted- 
>> string. A
>> quoted-string allows CRs and LFs for folding and in escaped form  
>> under
>> RFC 2616; we have since outlawed the escaped form, and in headers,  
>> but
>> not chunk extension values, we now outlaw producing them for  
>> folding as-
>> well. Accepting and processing the latter correctly still appears  
>> to be
>> a SHOULD level requirement; I am not sure about the former.
>>
>> It appears that implementations usually just read a line and ignore  
>> any-
>> thing after the first ";" character at the beginning of a chunk.  
>> Perhaps
>> the specification should use a CRLF-free quoted-string instead for  
>> this;
>> if not, the considerations for obs-fold should apply to chunk  
>> extension
>> values aswell, or obs-fold should not be used for chunk extension  
>> values
>> (which would require a separate quoted-string production aswell).
>>
>> regards,
>> -- 
>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>>
>
>
> --
> Mark Nottingham     http://www.mnot.net/
>
>


--
Mark Nottingham     http://www.mnot.net/

Received on Monday, 10 August 2009 19:32:18 UTC