- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 25 Aug 2009 15:29:40 +0200
- To: Mark Nottingham <mnot@mnot.net>
- CC: HTTP Working Group <ietf-http-wg@w3.org>, Henrik Nordstrom <henrik@henriknordstrom.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Julian Reschke wrote:
> ...
OK, so my understanding is that we disallow all control characters
except HTAB in comment and quoted-string, escaped or not.
Proposed patch:
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/173/173.diff>.
Relevant changes in Part 1:
-- snip --
A string of text is parsed as a single word if it is quoted using
double-quote marks.
quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
qdtext = WSP / %x21 / %x23-5B / %x5D-7E / obs-text
; WSP / <VCHAR except DQUOTE and "\"> / obs-text
obs-text = %x80-FF
The backslash character ("\") can be used as a single-character
quoting mechanism only within quoted-string and comment constructs:
quoted-pair = "\" ( WSP / VCHAR / obs-text )
Note that quoted-pair includes those characters otherwise disallowed
in quoted-string or comment (Section 3.2).
...
Comments can be included in some HTTP header fields by surrounding
the comment text with parentheses. Comments are only allowed in
fields containing "comment" as part of their field value definition.
comment = "(" *( ctext / quoted-pair / comment ) ")"
ctext = WSP / %x21-27 / %x2A-5B / %x5D-7E / obs-text
; WSP / <VCHAR except "(", ")", and "\"> / obs-text
...
Rules about implicit linear whitespace between certain grammar
productions have been removed; now it's only allowed when
specifically pointed out in the ABNF. Control characters other than
HTAB are no longer allowed in comment and quoted-string text (escaped
or not). Non-ASCII content in header fields and reason phrase has
been obsoleted and made opaque (the TEXT rule was removed)
(Section 1.2.2)
-- snip --
Feedback appreciated,
Julian
Received on Tuesday, 25 August 2009 13:37:03 UTC