Opened 11 years ago

Closed 10 years ago

#64 closed editorial (fixed)

WS in quoted-pair

Reported by: mnot@… Owned by:
Priority: Milestone: unassigned
Component: p1-messaging Severity:
Keywords: Cc:

Description

I think quoted-pair is broken too. Merging your fix into RFC2616 gives:

quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext         = <any TEXT excluding '"' and '\'>
quoted-pair    = "\" CHAR
CHAR           = <any US-ASCII character (octets 0 - 127)>
]]>

but that means you can do this:

HTTP/1.1 200 OK
Warning: "Don't misparse \
this: it's really a single header!"

(if the receiving implementation follows the recommendations in 19.3 you need to escape the LF instead of the CR, but it's otherwise the same.)

RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL. We should probably make the same change.

Change History (3)

comment:1 Changed 11 years ago by mnot@…

  • Component set to messaging
  • Milestone set to unassigned

comment:2 Changed 10 years ago by mnot@…

  • Type changed from design to editorial

comment:3 Changed 10 years ago by julian.reschke@…

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [238]:

Resolve #64: quoted-pair: disallow escaping of NUL, CR and LF (closes #64).

Note: See TracTickets for help on using tickets.