Re: HTTP header field syntax [WAS: Re: Prefer Draft Feedback]

On 7/12/2011 10:01 p.m., Julian Reschke wrote:
> On 2011-12-07 03:45, Amos Jeffries wrote:
>> On Tue, 06 Dec 2011 19:46:47 +0100, Julian Reschke wrote:
>>> We're trying to find some structure in HTTP header field syntax, see
>>> <> for
>>> the work-in-progress.
>> That list of ABNF is missing the pattern that could be called
>> "quoted-blob" or such. Things which appear superficially to have the
>> syntax of quoted-string but exclude the quoted-pair (or failed to spec
>> escaping entirely, with the same end result). ie the string portion may
>> contain bare \ characters which will break attempts to use a
>> quoted-string parser on it.
> Oh, that's something we don't want to encourage!

>> Examples for this can be found in the new ETag ABNF from HTTPbis and the
>> path= parameter of Digest authentication. Possibly elsewhere I have not
>> run into yet.
> If "path" does this in Digest for WWW-Authenticate, then Digest is 
> broken and we should raise an erratum.

Err. double-checking myself that parameter name was "uri=" I was 
recalling from bad experiences ...
  with WebKit (Chrome)
  and Gecko (Firefox)

Arguably the RFC 2617 does not explicitly mention quotes in the 
definition and one can argue that they should not have placed the "" 
around the value. Still, its happening anyway.

On the Digest challenge header "domain=" explicitly defines use of 
quotes ( <"> absoluteURI | abs_path <">  ), again with no mention what 
to do with the quoted-pair escape character which MAY be in the URI 
query-string portion (RFC 2396 emphasis). This one has not been sighted 
(yet) AFAIK.


Received on Wednesday, 7 December 2011 10:31:21 UTC