- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sat, 24 Dec 2016 07:43:17 +0000
- To: Amos Jeffries <squid3@treenet.co.nz>
- cc: ietf-http-wg@w3.org
-------- In message <8f17660e-449f-7c4e-31b7-ba8d3f6af944@treenet.co.nz>, Amos Jeffries writes: >AFAICS for most of the headers that will benefit from generic syntax >parsing instead of custom parsers the desirable behavour is to normalize >foo;o=X;o=y down to just foo;o=y to prevent foo;o=X vs foo;o=y >interpretation differences by various recipients and nasty values being >smuggled through middleware. > >If we can avoid having parameter name duplication, that would be a good >step towards uniform handling of these smuggling protections. I have deliberately not written that dictionaries cannot have duplication, but smuggling prevention is a good reason to require that. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 24 December 2016 07:43:48 UTC