Opened 15 years ago
Closed 15 years ago
#64 closed editorial (fixed)
WS in quoted-pair
Reported by: | mnot@… | Owned by: | |
---|---|---|---|
Priority: | Milestone: | unassigned | |
Component: | p1-messaging | Severity: | |
Keywords: | Cc: |
Description
I think quoted-pair is broken too. Merging your fix into RFC2616 gives:
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) qdtext = <any TEXT excluding '"' and '\'> quoted-pair = "\" CHAR CHAR = <any US-ASCII character (octets 0 - 127)> ]]>
but that means you can do this:
HTTP/1.1 200 OK Warning: "Don't misparse \ this: it's really a single header!"
(if the receiving implementation follows the recommendations in 19.3 you need to escape the LF instead of the CR, but it's otherwise the same.)
RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL. We should probably make the same change.
Change History (3)
comment:1 Changed 15 years ago by mnot@…
- Component set to messaging
- Milestone set to unassigned
comment:2 Changed 15 years ago by mnot@…
- Type changed from design to editorial
comment:3 Changed 15 years ago by julian.reschke@…
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Fixed in [238]:
Resolve #64: quoted-pair: disallow escaping of NUL, CR and LF (closes #64).