Re: ABNF switch: list rules

Zed A. Shaw wrote:
> ...
> On another note, is there a reason why it's specified this way with
> the allowed empty elements at random locations? 

I have no idea what it's good for and why it was specified this way in 
the first place.

> It makes more sense to just not send anything that'd be empty, rather
> than using empty elements.  In theory someone could just stream a ton of
> ',' to make the server do useless work, which could thwart some poorly
> implemented parsers.

As far as I recall, it's a known attack vector (don't forget there can 
be CRs in between the list as well...).

> I'm curious about the history if anyone knows it.

BR, Julian

Received on Saturday, 24 May 2008 09:59:45 UTC