- From: Cameron McCormack <cam@mcc.id.au>
- Date: Tue, 2 May 2006 11:02:41 +1000
- To: "Web APIs WG (public)" <public-webapi@w3.org>
Mark Nottingham:
> If data is passed to the send() method, it must be used to create the
> entity body, using the following rules;
>
> 1) If data is a DOMString, it must be encoded as UTF-8.
You should make it clear that "it" refers to the entity body, rather
than 'data', IMO.
[re: setRequestHeader]
> 2) Nothing must be done if the header or value arguments contain any U
> +000A LINE FEED or U+000D CARRIAGE RETURN characters, or if the
> header argument contains any U+0020 SPACE or U+003A COLON charecters.
What if headers or values contain other inappropriate characters?
Headers should contain only ASCII characters in the range 33--126 minus
these:
[]()<>@,;:\"/?={}
and values can contain only ASCII characters in the range 32--126, plus
tab.
If you don't want to restrict the headers to be valid in terms of the
characters sent (and mind you there are other validity constraints, such
as only allowing multiple same headers for those that are defined to
take comma-separated lists, or enforcing proper quoting for those that
take quoted-strings), then at least it should be defined as to what
should happen when strings are passed that contain characters outside of
ASCII.
--
Cameron McCormack ICQ: 26955922
cam (at) mcc.id.au MSN: cam (at) mcc.id.au
http://mcc.id.au/ JBR: heycam (at) jabber.org
Received on Tuesday, 2 May 2006 01:02:53 UTC