Re: [CORS] Charset in content type

On Fri, 20 Mar 2009 18:59:52 +0100, Giovanni Campagna  
<scampa.giovanni@gmail.com> wrote:
> You may just enforce validity of known or possibly unsafe headers
> (Content-Type being the most important)

I don't think that is the right place.


>>> Or actually, they don't per current spec, but I think they should.
>>> (and anyway RFC2616 is not very clear about the field-value production)
>>
>> How is it unclear?
>
> field-value is a sequence of field-content, separated by linear white
> space. The problem is that field-content is a sequence of TEXT (any
> char) or token, separators and quoted-string.

That seems pretty clear.


> This means that any sequence of chars, quoted or unquoted, tokenized
> or not, is a valid field-content, and thus a valid field-value.
> This is probably because each header enforces its own syntaxes, but I
> don't feel much use in referencing field-value.

Why not? It's a lot more limited than any Unicode character.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Friday, 20 March 2009 18:26:51 UTC
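
What the RFC 2616 field-value production discussed in this message admits and rejects, as an added example that is not part of the original thread. The function name `checkFieldValue` and the sample values are constructed for illustration, and the code assumes each JavaScript code unit up to 0xFF stands for one octet.

```javascript
// RFC 2616 grammar being checked:
//   field-value = *( field-content | LWS )
//   TEXT        = <any OCTET except CTLs, but including LWS>
//   CTL         = octets 0-31 and DEL (127)
//   LWS         = [CRLF] 1*( SP | HT )
// Hypothetical helper: returns { ok, reason } for a candidate header value.
function checkFieldValue(value) {
  for (let i = 0; i < value.length; i++) {
    const c = value.charCodeAt(i);
    // Anything above 0xFF cannot be a single OCTET.
    if (c > 0xff) {
      return { ok: false, reason: `non-octet character at index ${i}` };
    }
    if (c === 0x0d) {
      // CR is legal only as CRLF followed by SP or HT (header folding).
      const lf = value.charCodeAt(i + 1);
      const next = value.charCodeAt(i + 2);
      if (lf === 0x0a && (next === 0x20 || next === 0x09)) {
        i += 2; // skip LF and the SP/HT that completes the LWS
        continue;
      }
      return { ok: false, reason: `CR outside folding LWS at index ${i}` };
    }
    if (c === 0x09) continue; // HT is part of LWS
    // Remaining CTLs (including bare LF and NUL) and DEL are excluded from TEXT.
    if (c < 0x20 || c === 0x7f) {
      return { ok: false, reason: `control character at index ${i}` };
    }
  }
  return { ok: true, reason: "" };
}

// Constructed sample values, not taken from the thread.
const SAMPLES = [
  'text/plain; charset="utf-8"',      // plain TEXT with a quoted-string
  "text/plain;\r\n charset=utf-8",    // folded line: CRLF followed by SP
  "text/plain\r\nX-Injected: 1",      // CRLF not followed by SP/HT
  "text/plain; charset=\u2603",       // character above 0xFF
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), checkFieldValue(s));
}
```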