W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Issue 245 (percent escaping), was: Working Group Last Call: Content-Disposition

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 21 Oct 2010 14:02:36 +0200
Message-ID: <4CC02BDC.3020603@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 17.10.2010 20:04, Julian Reschke wrote:
> ...
> 3) <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/245>: "warn about
> %xx in filenames being misinterpreted"
>
> (not yet addressed)
> ...

It just occurred to me that there may be a workaround for this problem, 
by using the quoted-string form and inserting a quote character into the 
%xx sequence.

Not so, because of UAs not handling escapes properly. Sigh. See test case:

    <http://greenbytes.de/tech/tc2231/#attwithfnrawpctencaq>

Thus, I'm adding a warning statement to the end of the description of 
"filename", pointing out the implementation problems:

        Note: Many user agents do not properly handle escape characters
        when using the quoted-string form.  Furthermore, some user agents
        erroneously try to perform unescaping of "percent" escapes (see
        Appendix C.2), an thus might misinterpret filenames containing he
        percent character followed by two hex digits.

(see <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1041>).

Best regards, Julian
Received on Thursday, 21 October 2010 12:03:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:30 GMT