- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 12 Jun 2007 22:40:00 +1000
- To: Dan Winship <dan.winship@gmail.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i64 On 21/04/2007, at 1:12 AM, Dan Winship wrote: > > Julian Reschke wrote: >> (see <http://www.w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31>) > > I think quoted-pair is broken too. Merging your fix into RFC2616 > gives: > > quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) > qdtext = <any TEXT excluding '"' and '\'> > quoted-pair = "\" CHAR > CHAR = <any US-ASCII character (octets 0 - 127)> > > but that means you can do this: > > HTTP/1.1 200 OK > Warning: "Don't misparse \ > this: it's really a single header!" > > (if the receiving implementation follows the recommendations in > 19.3 you > need to escape the LF instead of the CR, but it's otherwise the same.) > > RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and > NUL. > We should probably make the same change. > > -- Dan > -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 12 June 2007 12:40:16 UTC