- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 12 Nov 2014 09:55:31 +0100
- To: Brian Smith <brian@briansmith.org>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Nov 12, 2014 at 9:40 AM, Brian Smith <brian@briansmith.org> wrote: > If you get a garbage Location like that for anything other than a > redirect, you just ignore it. When you get a garbage Location like > that for a redirect, you probably should just show an error page, > though you'd have to do a survey of browser implementations to know > for sure what to do. As far as I know, and I have tested these things, is that we need to follow it per how I described it. > In other words, when processing URLs in HTTP headers, in general you > need to deal with the URL according to RFC 3986 rules at the HTTP > level, and deal with the URL using HTML5 rules at the HTML level. That is nonsense. E.g. we are required to support (note the space) Location: /x x/ in HTTP. We don't use a different URL parser for HTTP. -- https://annevankesteren.nl/
Received on Wednesday, 12 November 2014 08:55:58 UTC