- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 20 Mar 2009 19:26:08 +0100
- To: "Giovanni Campagna" <scampa.giovanni@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>
On Fri, 20 Mar 2009 18:59:52 +0100, Giovanni Campagna <scampa.giovanni@gmail.com> wrote: > You may just enforce validity of known or possibly unsafe headers > (Content-Type being the most important) I don't think that is the right place. >>> Or actually, they don't per current spec, but I think they should. >>> (and anyway RFC2616 is not very clear about the field-value production) >> >> How is it unclear? > > field-value is a sequence of field-content, separated by linear white > space. The problem is that field-content is a sequence of TEXT (any > char) or token, separators and quoted-string. That seems pretty clear. > This means that any sequence of chars, quoted or un quoted, tokenized > or not, is a valid field-content, and thus a valid field-value. > This is probably because each header enforces its own syntaxes, but I > don't feel much use in referencing field-value. Why not? It's a lot more limited than any Unicode character. -- Anne van Kesteren http://annevankesteren.nl/
Received on Friday, 20 March 2009 18:26:51 UTC