Re: [Bug 201] LWS allowed in Coded-URL from Jim Whitehead on 2005-12-06 (w3c-dist-auth@w3.org from October to December 2005)

From: Jim Whitehead <ejw@soe.ucsc.edu>
Date: Mon, 5 Dec 2005 17:23:33 -0800
To: Lisa Dusseault <lisa@osafoundation.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, WebDAV WG <w3c-dist-auth@w3.org>
Message-Id: <E14220CF-BDC8-453E-9D6D-828BA6FDEADF@cs.ucsc.edu>

I think we're covered by this, from 2.2 in RFC 2616:

    Many HTTP/1.1 header field values consist of words separated by LWS
    or special characters. These special characters MUST be in a quoted
    string to be used within a parameter value (as defined in section
    3.6).

        token          = 1*<any CHAR except CTLs or separators>

and, from 2.1:

implied *LWS
       The grammar described by this specification is word-based. Except
       where noted otherwise, linear white space (LWS) can be included
       between any two adjacent words (token or quoted-string), and
       between adjacent words and separators, without changing the
       interpretation of a field. At least one delimiter (LWS and/or
       separators) MUST exist between any two tokens (for the definition
       of "token" below), since they would otherwise be interpreted as a
       single token.


- Jim



On Dec 4, 2005, at 8:26 AM, Lisa Dusseault wrote:

>
> If I understand correctly, that's not the only place where  
> RFC2616's LWS rules get us into trouble.
>
>    TimeOut = "Timeout" ":" 1#TimeType
>    TimeType = ("Second-" DAVTimeOutVal | "Infinite")
>    DAVTimeOutVal = 1*digit
>
> Applying the 2616 word-based grammer to those rules, we could have  
> Timeout headers like
>
>   Timeout: Second-   	        1111
>
>   Timeout: Second-1   1   1   1
>
> Is my understanding of 2616 BNF grammar correct?  I'm not sure if  
> 1*DIGIT is one token or several, so it's not entirely clear to me  
> if the second example is allowed.  Certainly the intent of 2616 is  
> not to allow that because values like Content-Length are defined as  
> 1*DIGIT.
>
> Lisa
>
> On Dec 4, 2005, at 1:09 AM, bugzilla@soe.ucsc.edu wrote:
>
>> http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=201
>>
>> julian.reschke@greenbytes.de changed:
>>
>>            What    |Removed                     |Added
>> --------------------------------------------------------------------- 
>> -------
>>          AssignedTo|julian.reschke@greenbytes.de| 
>> lisa@osafoundation.org
>>
>>
>>
>> ------- Additional Comments From julian.reschke@greenbytes.de   
>> 2005-12-04 01:09 -------
>> Explanation:
>> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.2.1.p.11>
>>
>> Suggested change: state that LWS is not allowed here, just like in  
>> the
>> grammar for "opaquelocktoken".
>>
>>
>>
>> ------- You are receiving this mail because: -------
>> You are the assignee for the bug, or are watching the assignee.
>

Received on Tuesday, 6 December 2005 01:23:53 UTC