- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Tue, 11 Aug 2009 00:50:54 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Bjoern Hoehrmann <derhoermi@gmx.net>
tis 2009-08-11 klockan 05:31 +1000 skrev Mark Nottingham:
> This was discussed in Stockholm, and there was agreement in the room
> that the proper way to address this is to disallow CR and LF in *any*
> quoted-string.
>
> Comments?
Escaped newlines or \0 characters in the form of quoted-pair very likely
to cause many parsers to fail no matter where these are seen. I know I
have always understood this as a mechanism intended for quoting special
characters like " ( and ), and not including CTLs.
Regarding chunked encoding allowing any newlines there is a very very
bad idea. Folding is not supported there, and no one expects to see
newlines in the middle of a chunk header quoted or not.
I would propose changing quoted-pair to restrict the allowable set to
non-CTLs to match most expectations on what values may be seen, not only
excluding CR or LF.
quoted-pair = "\" <any CHAR except CTLs>
instead of
quoted-pair = "\" CHAR
Regards
Henrik
Received on Monday, 10 August 2009 22:51:25 UTC