W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [CORS] Charset in content type

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 20 Mar 2009 19:26:08 +0100
To: "Giovanni Campagna" <scampa.giovanni@gmail.com>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <op.uq3r5uav64w2qv@anne-van-kesterens-macbook.local>
On Fri, 20 Mar 2009 18:59:52 +0100, Giovanni Campagna  
<scampa.giovanni@gmail.com> wrote:
> You may just enforce validity of known or possibly unsafe headers
> (Content-Type being the most important)

I don't think that is the right place.


>>> Or actually, they don't per current spec, but I think they should.
>>> (and anyway RFC2616 is not very clear about the field-value production)
>>
>> How is it unclear?
>
> field-value is a sequence of field-content, separated by linear white
> space. The problem is that field-content is a sequence of TEXT (any
> char) or token, separators and quoted-string.

That seems pretty clear.


> This means that any sequence of chars, quoted or un quoted, tokenized
> or not, is a valid field-content, and thus a valid field-value.
> This is probably because each header enforces its own syntaxes, but I
> don't feel much use in referencing field-value.

Why not? It's a lot more limited than any Unicode character.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Friday, 20 March 2009 18:26:51 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT