W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: #173: CR and LF in chunk extension values

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 25 Aug 2009 15:29:40 +0200
Message-ID: <4A93E744.7040403@gmx.de>
To: Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>, Henrik Nordstrom <henrik@henriknordstrom.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Julian Reschke wrote:
> ...

OK, so my understanding is that we disallow all control characters 
except HTAB in comment and quoted-string, escaped or not.

Proposed patch: 
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/173/173.diff>.

Relevant changes in Part 1:

-- snip --

    A string of text is parsed as a single word if it is quoted using
    double-quote marks.

      quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
      qdtext         = WSP / %x21 / %x23-5B / %x5D-7E / obs-text
                     ; WSP / <VCHAR except DQUOTE and "\"> / obs-text
      obs-text       = %x80-FF

    The backslash character ("\") can be used as a single-character
    quoting mechanism only within quoted-string and comment constructs:

      quoted-pair    = "\" ( WSP / VCHAR / obs-text )

    Note that quoted-pair includes those characters otherwise disallowed
    in quoted-string or comment (Section 3.2).

...

    Comments can be included in some HTTP header fields by surrounding
    the comment text with parentheses.  Comments are only allowed in
    fields containing "comment" as part of their field value definition.

      comment        = "(" *( ctext / quoted-pair / comment ) ")"
      ctext          = WSP / %x21-27 / %x2A-5B / %x5D-7E / obs-text
                     ; WSP / <VCHAR except "(", ")", and "\"> / obs-text

...

    Rules about implicit linear whitespace between certain grammar
    productions have been removed; now it's only allowed when
    specifically pointed out in the ABNF.  Control characters other than
    HTAB are no longer allowed in comment and quoted-string text (escaped
    or not).  Non-ASCII content in header fields and reason phrase has
    been obsoleted and made opaque (the TEXT rule was removed)
    (Section 1.2.2)

-- snip --

Feedback appreciated,

Julian
Received on Tuesday, 25 August 2009 13:37:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT