- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 20 Apr 2007 17:27:35 +0200
- To: Dan Winship <dan.winship@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Dan Winship wrote: > Julian Reschke wrote: >> (see <http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31>) > > I think quoted-pair is broken too. Merging your fix into RFC2616 gives: > > quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) > qdtext = <any TEXT excluding '"' and '\'> > quoted-pair = "\" CHAR > CHAR = <any US-ASCII character (octets 0 - 127)> > > but that means you can do this: > > HTTP/1.1 200 OK > Warning: "Don't misparse \ > this: it's really a single header!" > > (if the receiving implementation follows the recommendations in 19.3 you > need to escape the LF instead of the CR, but it's otherwise the same.) > > RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL. > We should probably make the same change. Dan, good catch, you're probably right. I guess this deserves it's own issue... Best regards, Julian
Received on Friday, 20 April 2007 15:27:58 UTC