- From: Joakim Erdfelt <joakim@webtide.com>
- Date: Thu, 19 Sep 2024 15:19:27 -0500
- To: Ryan Hamilton <rch@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Biren Roy <birenroy@google.com>
Received on Friday, 20 September 2024 07:19:07 UTC
Allowing the `{}` characters is bound to conflict with URI template
declarations, making them harder to declare/parse.
https://datatracker.ietf.org/doc/html/rfc6570
Joakim Erdfelt / joakim@webtide.com
On Thu, Sep 19, 2024 at 3:10 PM Ryan Hamilton <rch@google.com> wrote:
> Howdy Folks,
>
> We've been doing some work lately to tighten up our HTTP spec compliance,
> specifically around invalid characters in URLs
> <https://quiche.googlesource.com/quiche/+/4249f8025caed1e3d71d04d9cadf42251acb7cac/quiche/balsa/header_properties.h#54>.
> Perhaps not surprisingly, we've seen many request which include one or more
> of the following character, which are prohibited by RFC 3986: *[]{}|^*
>
> Presumably other implementers see this as well? RFC 3986 came out in 2005
> and I suspect the web has evolved significantly since then. In much the
> same way the WG is addressing the issue of invalid characters in Cookies as
> part of rfc6265bis, is there any appetite in the WG for addressing the
> issue of invalid characters in URLs?
>
> Cheers,
>
> Ryan
>
Received on Friday, 20 September 2024 07:19:07 UTC