Re: Escaping control characters in HTTP Digest (RFC 2617) (was: Escaping <\> in HTTP Digest (RFC 2617)) from Robert Sayre on 2007-05-24 (ietf-http-wg@w3.org from April to June 2007)

From: Robert Sayre <sayrer@gmail.com>
Date: Thu, 24 May 2007 12:57:35 -0400
To: "Eric Lawrence" <ericlaw@exchange.microsoft.com>
Cc: "Alexey Melnikov" <alexey.melnikov@isode.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <68fba5c50705240957u2696c054n5d4c082f40304e2@mail.gmail.com>

On 3/23/07, Eric Lawrence <ericlaw@exchange.microsoft.com> wrote:
>
> IE7 uses WDigest.dll, which escapes the \ into \\.
> IE6 and previous versions relied on Digest.dll, which did not escape the \.

What about control characters? Is there any reason to allow them,
escaped or not? I'm actually having problems with malicious
XMLHttpRequest scripts doing this.

-- 

Robert Sayre

Received on Thursday, 24 May 2007 16:57:39 UTC