W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Issue 194: restricting allowed characters in quoted-pair

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 27 Sep 2009 13:16:06 +0200
Message-ID: <4ABF4976.9080409@gmx.de>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
CC: Mark Nottingham <mnot@mnot.net>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Henrik Nordstrom wrote:
> fre 2009-09-25 klockan 14:40 +0200 skrev Julian Reschke:
> 
>> - whether that's purely advisory or a requirement (SHOULD?), I lean to 
>> the former, and
> 
> SHOULD == RECOMMENDED.
> 
> \ quoting more than needed is not an error, but not recommended as some
> applications may not understand \ quoting...
> 
>> - where exactly to state it, as quoted-pair is used both inside 
>> quoted-string and comment, and the characters that need escaping thus 
>> differ; one way to fix this would be to change the ABNF so "comment" 
>> gets it's own quoted-cpair rule.
> 
> Just a general statement that the producer SHOULD NOT \ quote other
> characters than the reserved ones for the type of data produced (comment
> or quoted-string).
> 
> There is no need to overdo this, and absolutely no reason to complicate
> the BNF for it.
> ...

OK, then.

So I have added the SHOULD NOT in both places, and -- to make things 
less confusing with respect to quoted-pair -- added quoted-cpair for use 
in comments (it's the same grammar, but comes with different prose).

See <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/702>

The actual text:

    A string of text is parsed as a single word if it is quoted using
    double-quote marks.

      quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
      qdtext         = OWS / %x21 / %x23-5B / %x5D-7E / obs-text
                     ; OWS / <VCHAR except DQUOTE and "\"> / obs-text
      obs-text       = %x80-FF

    The backslash character ("\") can be used as a single-character
    quoting mechanism only within quoted-string constructs:

      quoted-pair    = "\" ( WSP / VCHAR / obs-text )

    Producers SHOULD NOT escape characters that do not require escaping
    (DQUOTE and the backslash character).

and

    Comments can be included in some HTTP header fields by surrounding
    the comment text with parentheses.  Comments are only allowed in
    fields containing "comment" as part of their field value definition.

      comment        = "(" *( ctext / quoted-cpair / comment ) ")"
      ctext          = OWS / %x21-27 / %x2A-5B / %x5D-7E / obs-text
                     ; OWS / <VCHAR except "(", ")", and "\"> / obs-text

    The backslash character ("\") can be used as a single-character
    quoting mechanism only within comment constructs:

      quoted-cpair    = "\" ( WSP / VCHAR / obs-text )

    Producers SHOULD NOT escape characters that do not require escaping
    (the backslash character "\" and the parentheses "(" and ")").

BR, Julian
Received on Sunday, 27 September 2009 11:16:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:10 GMT