Re: [Technical Errata Reported] RFC7231 (4031)

On 2014-07-01 08:09, Anne van Kesteren wrote:
> On Tue, Jul 1, 2014 at 5:20 AM, Mark Nottingham <> wrote:
>> Anne, is there security impact here?
> Rendering
>    Content-Type:text/html;
> vs showing some kind of error is one of the issues here.

True, but what would be a bigger concern is the case where draconic 
error handling results in a *loss* of security (and that's not the case 
here, right?).

>> I could see us starting work on a "Tolerant HTTP Header Field Parsing" spec if there's sufficient interest; it's a pretty thankless task, but personally I think it'd be worthwhile, and would contribute. We can spend a few minutes in Toronto on this if anyone else is interested...
> Exhaustive parsing rules for HTTP clients would be good. Having them
> differ is a big end user transition problem and can slow development
> on new clients, such as Servo.

It would be awesome if the people working on Servo would have a look at 
<> and 
try to come up with some kind of library that makes it easier to create 
parsers for the notoriously hard to parse yet similar header fields 
(C-C, WWW-A, C-D, C-T ...)

Best regards, Julian

Received on Tuesday, 1 July 2014 06:46:30 UTC