W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: #173: CR and LF in chunk extension values

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Tue, 11 Aug 2009 00:50:54 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Bjoern Hoehrmann <derhoermi@gmx.net>
Message-Id: <1249944654.7397.55.camel@henriklaptop.lan>
tis 2009-08-11 klockan 05:31 +1000 skrev Mark Nottingham:
> This was discussed in Stockholm, and there was agreement in the room  
> that the proper way to address this is to disallow CR and LF in *any*  
> quoted-string.
> 
> Comments?

Escaped newlines or \0 characters in the form of quoted-pair very likely
to cause many parsers to fail no matter where these are seen. I know I
have always understood this as a mechanism intended for quoting special
characters like " ( and ),  and not including CTLs.

Regarding chunked encoding allowing any newlines there is a very very
bad idea. Folding is not supported there, and no one expects to see
newlines in the middle of a chunk header quoted or not.

I would propose changing quoted-pair to restrict the allowable set to
non-CTLs to match most expectations on what values may be seen, not only
excluding CR or LF.

    quoted-pair  = "\" <any CHAR except CTLs>

instead of

    quoted-pair  = "\" CHAR

Regards
Henrik
Received on Monday, 10 August 2009 22:51:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT