W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Issue 194: restricting allowed characters in quoted-pair

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 16 Sep 2009 16:34:52 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <28D59879-031D-423F-B3ED-7922797A3515@mnot.net>
To: Roy T. Fielding <fielding@gbiv.com>
So, strict BNF with a note in prose that old implementations may quote  
other characters? Works for me.


On 16/09/2009, at 4:23 PM, Roy T. Fielding wrote:

> On Sep 15, 2009, at 10:43 PM, Mark Nottingham wrote:
>
>> Yeah, what Julian said; I'd like to do this, but am concerned about  
>> what it would mean.
>
> It would mean that sending other quoted characters would no
> longer comply with the protocol.  Since I don't know of any
> implementations that quote other characters, that's fine with me.
>
> It also means that recipients of other quoted characters should
> consider the backslash to be used in error, which is probably a
> good thing since the only reason to backslash other characters
> on purpose is to trigger a security hole.
>
>> Can we keep it (relatively) open in BNF, and caution against  
>> quoting anything but DQUOTE in prose?
>>
>> Not a great solution, but...
>
> We could, but how does that help implementations?  I'd rather
> be more conservative in the ABNF and let Postel's Law influence
> the prose.  I suspect that other uses of backslash are not
> intended to be quoting in any case, so the recipient is probably
> better off treating them as two characters.  e.g., DOS pathnames.
>
> ....Roy
>


--
Mark Nottingham     http://www.mnot.net/
Received on Wednesday, 16 September 2009 06:35:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:10 GMT