Re: [Technical Errata Reported] RFC7231 (4031)

On Tue, Jul 1, 2014 at 5:20 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Anne, is there security impact here?

Rendering

  Content-Type:text/html;

vs showing some kind of error is one of the issues here.


> I could see us starting work on a "Tolerant HTTP Header Field Parsing" spec if there's sufficient interest; it's a pretty thankless task, but personally I think it'd be worthwhile, and would contribute. We can spend a few minutes in Toronto on this if anyone else is interested...

Exhaustive parsing rules for HTTP clients would be good. Having them
differ is a big end user transition problem and can slow development
on new clients, such as Servo.


-- 
http://annevankesteren.nl/

Received on Tuesday, 1 July 2014 06:10:15 UTC