
#173: CR and LF in chunk extension values

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 11 Aug 2009 05:31:38 +1000
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>
Message-Id: <47BD0224-8DC0-44E3-85C9-CC8EC83F083C@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>

This was discussed in Stockholm, and there was agreement in the room
that the proper way to address this is to disallow CR and LF in *any*
quoted-string.

Comments?


On 25/06/2009, at 3:53 PM, Mark Nottingham wrote:

> Now #173:
>  http://trac.tools.ietf.org/wg/httpbis/trac/ticket/173
>
> We probably need to have a more general discussion of
> chunk-extensions as well...
>
>
> On 18/06/2009, at 4:07 AM, Bjoern Hoehrmann wrote:
>
>> Hi,
>>
>> A chunk extension value is defined as either token or quoted-string. A
>> quoted-string allows CRs and LFs for folding and in escaped form under
>> RFC 2616; we have since outlawed the escaped form, and in headers, but
>> not chunk extension values, we now outlaw producing them for folding as
>> well. Accepting and processing the latter correctly still appears to be
>> a SHOULD level requirement; I am not sure about the former.
>>
>> It appears that implementations usually just read a line and ignore
>> anything after the first ";" character at the beginning of a chunk. Perhaps
>> the specification should use a CRLF-free quoted-string instead for this;
>> if not, the considerations for obs-fold should apply to chunk extension
>> values as well, or obs-fold should not be used for chunk extension values
>> (which would require a separate quoted-string production as well).
>>
>> regards,
>> -- 
>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>>
>
>
> --
> Mark Nottingham     http://www.mnot.net/
>
>


--
Mark Nottingham     http://www.mnot.net/
Received on Monday, 10 August 2009 19:32:18 GMT
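
Added example, not part of the original thread or of any HTTP implementation: a chunk header parser that uses a CRLF-free quoted-string for chunk extension values, next to the read-a-line behaviour the quoted message describes. The function names, the simplified grammar, and the sample inputs are assumptions made for illustration.

```python
import re

# Grammar assumed for this example: RFC 2616 token, and a quoted-string whose
# qdtext and quoted-pair both exclude CR and LF (the change proposed above).
TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = rb'"(?:[\t !#-\[\]-~\x80-\xff]|\\[\t -~])*"'
CHUNK_EXT = re.compile(rb";(" + TOKEN + rb")(?:=(" + TOKEN + rb"|" + QUOTED + rb"))?")
CHUNK_SIZE = re.compile(rb"[0-9A-Fa-f]+")


def lenient_header(buf):
    """Line-reader behaviour described in the thread: stop at the first CRLF
    and ignore everything after the first ';'. Returns (size, bytes consumed)."""
    end = buf.index(b"\r\n")
    size = int(buf[:end].split(b";", 1)[0], 16)
    return size, end + 2


def strict_header(buf):
    """Parse chunk-size and chunk-extensions with the CRLF-free quoted-string.
    Returns (size, [(name, value or None)], bytes consumed); raises ValueError."""
    end = buf.find(b"\r\n")
    if end < 0:
        raise ValueError("incomplete chunk header")
    line = buf[:end]
    m = CHUNK_SIZE.match(line)
    if not m:
        raise ValueError("bad chunk-size")
    size, pos, exts = int(m.group(), 16), m.end(), []
    while pos < len(line):
        m = CHUNK_EXT.match(line, pos)
        if not m:
            # Includes a quoted-string cut short by CRLF, or holding a bare CR/LF.
            raise ValueError("bad chunk-extension at offset %d" % pos)
        exts.append((m.group(1), m.group(2)))
        pos = m.end()
    return size, exts, end + 2


# Constructed sample inputs (not taken from the thread).
PLAIN = b'5;name="a b";flag\r\nhello\r\n'
FOLDED = b'5;name="a\r\n b"\r\nhello\r\n'   # CRLF + SP inside the quoted value
BARE_LF = b'5;name="a\nb"\r\nhello\r\n'
```

On FOLDED the line reader ends the header at the CRLF inside the quoted value, while a parser that honours RFC 2616 folding would end it five bytes later; the strict parser rejects the input, so the two readings cannot diverge.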
