Opened 12 years ago
Closed 11 years ago
#270 closed design (fixed)
\-escaping in quoted strings
Reported by: | mnot@… | Owned by: | julian.reschke@… |
---|---|---|---|
Priority: | urgent | Milestone: | 16 |
Component: | non-specific | Severity: | Active WG Document |
Keywords: | Cc: |
Description
quoted-strings support \-escaping, so that <"> and "\" can appear in the final string. This process is not explicitly defined, however (although it is defined in RFC 5322, it isn't referenced from HTTP).
From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.
This needs to be explicitly defined for HTTP.
Additionally, the range of characters that can be \-escaped should be considered; it's only useful for the two characters above, and we already discourage senders from using others.
Change History (10)
comment:1 Changed 12 years ago by mnot@…
- Priority changed from normal to urgent
comment:2 Changed 12 years ago by mnot@…
comment:3 Changed 12 years ago by julian.reschke@…
From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.
This is somewhat misleading. What happens is that those that do not unescape will handle the "\" as character not allowed in filenames, and substitute it.
comment:4 Changed 12 years ago by mnot@…
That might make things more straightforward.
Currently, the relevant text is:
The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string constructs:
quoted-pair = "\" ( WSP / VCHAR / obs-text )
Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).
I'd propose:
The quoted-string construct uses the backslash octet ("\") as a signle-octet quoting mechanism:
quoted-pair = "\" ( WSP / VCHAR / obs-text )
Receivers that process the value of the quoted-string MUST handle a quoted-pair as if it were replaced by the octet following the backslash.
Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).
comment:5 Changed 12 years ago by julian.reschke@…
comment:6 Changed 12 years ago by julian.reschke@…
- Milestone changed from unassigned to 16
- Owner set to julian.reschke@…
comment:7 Changed 12 years ago by julian.reschke@…
comment:8 Changed 12 years ago by julian.reschke@…
- Resolution set to incorporated
- Status changed from new to closed
comment:9 Changed 11 years ago by mnot@…
- Resolution incorporated deleted
- Status changed from closed to reopened
comment:10 Changed 11 years ago by mnot@…
- Resolution set to fixed
- Status changed from reopened to closed
Prague editors' meeting: need to test both clients and servers to see if / how they do escaping.