W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [CORS] Charset in content type

From: Giovanni Campagna <scampa.giovanni@gmail.com>
Date: Fri, 20 Mar 2009 18:59:52 +0100
Message-ID: <65307430903201059v26910b6cmf791f4c78e362172@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: public-webapps <public-webapps@w3.org>
2009/3/19 Anne van Kesteren <annevk@opera.com>:
> On Thu, 19 Mar 2009 20:37:50 +0100, Giovanni Campagna
> <scampa.giovanni@gmail.com> wrote:
>>
>> Actually both of them are invalid per RFC2616 and thus should raise
>> SYNTAX_ERR.
>
> I do not want to enforce validity in the XMLHttpRequest API. That seems
> inconsistent with other APIs, e.g. the DOM API. (It also seems complex and
> impossible as not all headers are known.)

You may just enforce validity of known or possibly unsafe headers
(Content-Type being the most important)

>
>> Or actually, they don't per current spec, but I think they should.
>> (and anyway RFC2616 is not very clear about the field-value production)
>
> How is it unclear?
>

field-value is a sequence of field-content, separated by linear white
space. The problem is that field-content is a sequence of TEXT (any
char) or token, separators and quoted-string.
This means that any sequence of chars, quoted or un quoted, tokenized
or not, is a valid field-content, and thus a valid field-value.
This is probably because each header enforces its own syntaxes, but I
don't feel much use in referencing field-value.

>
> --
> Anne van Kesteren
> http://annevankesteren.nl/
>

Giovanni
Received on Friday, 20 March 2009 18:02:46 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT