Ticket #391 (closed editorial: incorporated)
transferring URIs with userinfo in payload
|Reported by:||email@example.com||Owned by:||firstname.lastname@example.org|
|Component:||p1-messaging||Severity:||In WG Last Call|
Also, taken literally, this rule prohibits even transmitting an HTML page containing a link with a userinfo subcomponent. Maybe:
Senders MUST NOT include a userinfo subcomponent (or its "@" delimiter) when transmitting an "http" URI in the request-line or header section of a message.
[Mark just commented on this in his review too but suggested "in a request-target". Not sure if the restriction was meant to include headers as well...]