* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ticket #270 (closed design: fixed)

Opened 3 years ago

Last modified 3 years ago

\-escaping in quoted strings

Reported by: mnot@pobox.com Owned by: julian.reschke@gmx.de
Priority: urgent Milestone: 16
Component: non-specific Severity: Active WG Document
Keywords: Cc:
Origin: http://www.w3.org/mid/4D4AF97B.2060006@gmx.de

Description

quoted-strings support \-escaping, so that <"> and "\" can appear in the final string. This process is not explicitly defined, however (although it is defined in RFC 5322, it isn't referenced from HTTP).

From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.

This needs to be explicitly defined for HTTP.

Additionally, the range of characters that can be \-escaped should be considered; it's only useful for the two characters above, and we already discourage senders from using others.

Change History

comment:1 Changed 3 years ago by mnot@pobox.com

  • Priority changed from normal to urgent

comment:2 Changed 3 years ago by mnot@pobox.com

Prague editors' meeting: need to test both clients and servers to see if / how they do escaping.

comment:3 Changed 3 years ago by julian.reschke@gmx.de

From testing Content-Disposition, it appears that some implementations will do as RFC 5322 suggests, while others will replace the character with _ or -, or stop processing the string.

This is somewhat misleading. What happens is that those that do not unescape will handle the "\" as character not allowed in filenames, and substitute it.

comment:4 Changed 3 years ago by mnot@pobox.com

That might make things more straightforward.

Currently, the relevant text is:

The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string constructs:

quoted-pair = "\" ( WSP / VCHAR / obs-text )

Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).

I'd propose:

The quoted-string construct uses the backslash octet ("\") as a signle-octet quoting mechanism:

quoted-pair = "\" ( WSP / VCHAR / obs-text )

Receivers that process the value of the quoted-string MUST handle a quoted-pair as if it were replaced by the octet following the backslash.

Senders SHOULD NOT escape octets that do not require escaping (i.e., other than DQUOTE and the backslash octet).

comment:5 Changed 3 years ago by julian.reschke@gmx.de

comment:6 Changed 3 years ago by julian.reschke@gmx.de

  • Owner set to julian.reschke@gmx.de
  • Milestone changed from unassigned to 16

comment:7 Changed 3 years ago by julian.reschke@gmx.de

From [1361]:

define \-escaping in quoted strings for characters other than \ and DQUOTE (see #270)

comment:8 Changed 3 years ago by julian.reschke@gmx.de

  • Status changed from new to closed
  • Resolution set to incorporated

comment:9 Changed 3 years ago by mnot@pobox.com

  • Status changed from closed to reopened
  • Resolution incorporated deleted

comment:10 Changed 3 years ago by mnot@pobox.com

  • Status changed from reopened to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.