On 2016 Nov 16 (Wed) at 22:01:10 +0900 (+0900), Job Snijders wrote: :I hope to capture in the draft that an implementation can choose which :characters of the Shutdown Communication they represent in the syslog or :'show bgp neighbor xxx' output. For instance, I'd recommend to squash :all newline/newpage/newfeed/newparagraph style chars and make sure that :the Communication is represented on a single line. I don't have the :proper words for the draft to express that (yet).
I've been thinking about wording for protecting the receiving system from possible bad input. I'm not worried about (valid) UTF-8 display chars, nor about whitespace things. I am worried about Little Bobby Tables, though. We also have to consider that this will be displayed possibly in a Unix Shell, Windows Shell, Syslog, SQL server, Web Server; and different chars have different meanings there. I'm not quite happy with the wording, but I would like something along these lines added. Possibly in the Security section, or at the end of Section #2. ==== Receiving systems SHOULD filter the message for the intended output environment and MAY change octets or sequences of octets for their local environment. As the message may be displayed on a command line, stored in a syslog server, in an SQL database, or even a Web Server different outputs MAY happen. Sending systems MUST NOT depend on changes to their sequences not happening. ==== (Consider, Little Bobby Tables https://www.xkcd.com/327/, printf escapes, Javascript/HTML, etc) -- Taxes, n.: Of life's two certainties, the only one for which you can get an extension. _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
