- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 11 Aug 2009 05:31:38 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>
This was discussed in Stockholm, and there was agreement in the room that the proper way to address this is to disallow CR and LF in *any* quoted-string. Comments? On 25/06/2009, at 3:53 PM, Mark Nottingham wrote: > Now #173: > http://trac.tools.ietf.org/wg/httpbis/trac/ticket/173 > > We probably need to have a more general discussion of chunk- > extensions as well... > > > On 18/06/2009, at 4:07 AM, Bjoern Hoehrmann wrote: > >> Hi, >> >> A chunk extension value is defined as either token or quoted- >> string. A >> quoted-string allows CRs and LFs for folding and in escaped form >> under >> RFC 2616; we have since outlawed the escaped form, and in headers, >> but >> not chunk extension values, we now outlaw producing them for >> folding as- >> well. Accepting and processing the latter correctly still appears >> to be >> a SHOULD level requirement; I am not sure about the former. >> >> It appears that implementations usually just read a line and ignore >> any- >> thing after the first ";" character at the beginning of a chunk. >> Perhaps >> the specification should use a CRLF-free quoted-string instead for >> this; >> if not, the considerations for obs-fold should apply to chunk >> extension >> values aswell, or obs-fold should not be used for chunk extension >> values >> (which would require a separate quoted-string production aswell). >> >> regards, >> -- >> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de >> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de >> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ >> > > > -- > Mark Nottingham http://www.mnot.net/ > > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 10 August 2009 19:32:18 UTC