W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: #173: CR and LF in chunk extension values

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 6 Oct 2009 15:42:42 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, Henrik Nordstrom <henrik@henriknordstrom.net>
Message-Id: <2364D03F-4443-4FC4-BE89-572386991F04@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>
Now that we've dealt with allowed characters in quoted pairs <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/194 
 >, can we wrap this one up too? Julian, does your proposal need to be  
modified?

<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/173>



On 28/08/2009, at 9:28 AM, Henrik Nordstrom wrote:

> tor 2009-08-27 klockan 14:03 +0200 skrev Julian Reschke:
>
>> It appears that we *do* have consensus for disallowing controls in
>> quoted-pairs, thus for:
>>
>>   quoted-pair    = "\" ( WSP / VCHAR / obs-text )
>
> Yes.
>
>> However, if that's all that we do we won't have addresses issue #173
>> after all.
>
> Indeed.
>
>> Proposal:
>>
>> - add a new issue for disallowing CTLs in quoted-pair
>
> Yes.
>
>> - address #173 by tuning the definition of chunk-ext-val
>
> Which means defining a new variant of quoted-string which do not allow
> for folding for use in chunk-ext-val.
>
>    chunk-ext-val    = token / quoted-string-nf
>    quoted-string-nf = DQUOTE *( qdtext-nf / quoted-pair ) DQUOTE
>    qdtext-nf        = WSP / %x21 / %x23-5B / %x5D-7E / obs-text
>                     ; WSP / <VCHAR except DQUOTE and "\"> / obs-text
>
>
> assuming quoted-pair is fixed as discussed.
>
> Perhaps is should also be noted in text that folding is explicitly  
> forbidden in chunk headers.
>
> Comments are thankfully not allowed in chunk extensions from what I  
> can tell.
>
> Regards
> Henrik
>
>


--
Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 6 October 2009 04:43:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:12 GMT