![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Opened 9 years ago
Closed 9 years ago
#270 closed design (fixed)
\-escaping in quoted strings
| Reported by: | mnot@… | Owned by: | julian.reschke@… |
|---|---|---|---|
| Priority: | urgent | Milestone: | 16 |
| Component: | non-specific | Severity: | Active WG Document |
| Keywords: | Cc: |
Description
quoted-strings support \-escaping, so that <"> and "\" can appear in the final string. This process is not explicitly defined, however (although it is defined in RFC 5322, it isn't referenced from HTTP).
From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.
This needs to be explicitly defined for HTTP.
Additionally, the range of characters that can be \-escaped should be considered; it's only useful for the two characters above, and we already discourage senders from using others.
Change History (10)
comment:1 Changed 9 years ago by mnot@…
- Priority changed from normal to urgent
comment:2 Changed 9 years ago by mnot@…
comment:3 Changed 9 years ago by julian.reschke@…
From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.
This is somewhat misleading. What happens is that those that do not unescape will handle the "\" as character not allowed in filenames, and substitute it.
comment:4 Changed 9 years ago by mnot@…
That might make things more straightforward.
Currently, the relevant text is:
The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string constructs:
quoted-pair = "\" ( WSP / VCHAR / obs-text )
Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).
I'd propose:
The quoted-string construct uses the backslash octet ("\") as a signle-octet quoting mechanism:
quoted-pair = "\" ( WSP / VCHAR / obs-text )
Receivers that process the value of the quoted-string MUST handle a quoted-pair as if it were replaced by the octet following the backslash.
Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).
comment:5 Changed 9 years ago by julian.reschke@…
comment:6 Changed 9 years ago by julian.reschke@…
- Milestone changed from unassigned to 16
- Owner set to julian.reschke@…
comment:7 Changed 9 years ago by julian.reschke@…
comment:8 Changed 9 years ago by julian.reschke@…
- Resolution set to incorporated
- Status changed from new to closed
comment:9 Changed 9 years ago by mnot@…
- Resolution incorporated deleted
- Status changed from closed to reopened
comment:10 Changed 9 years ago by mnot@…
- Resolution set to fixed
- Status changed from reopened to closed
Prague editors' meeting: need to test both clients and servers to see if / how they do escaping.