Julian Reschke wrote: > ... OK, so my understanding is that we disallow all control characters except HTAB in comment and quoted-string, escaped or not. Proposed patch: <http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/173/173.diff>. Relevant changes in Part 1: -- snip -- A string of text is parsed as a single word if it is quoted using double-quote marks. quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE qdtext = WSP / %x21 / %x23-5B / %x5D-7E / obs-text ; WSP / <VCHAR except DQUOTE and "\"> / obs-text obs-text = %x80-FF The backslash character ("\") can be used as a single-character quoting mechanism only within quoted-string and comment constructs: quoted-pair = "\" ( WSP / VCHAR / obs-text ) Note that quoted-pair includes those characters otherwise disallowed in quoted-string or comment (Section 3.2). ... Comments can be included in some HTTP header fields by surrounding the comment text with parentheses. Comments are only allowed in fields containing "comment" as part of their field value definition. comment = "(" *( ctext / quoted-pair / comment ) ")" ctext = WSP / %x21-27 / %x2A-5B / %x5D-7E / obs-text ; WSP / <VCHAR except "(", ")", and "\"> / obs-text ... Rules about implicit linear whitespace between certain grammar productions have been removed; now it's only allowed when specifically pointed out in the ABNF. Control characters other than HTAB are no longer allowed in comment and quoted-string text (escaped or not). Non-ASCII content in header fields and reason phrase has been obsoleted and made opaque (the TEXT rule was removed) (Section 1.2.2) -- snip -- Feedback appreciated, JulianReceived on Tuesday, 25 August 2009 13:37:03 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT