On Fri, 20 Mar 2009 18:59:52 +0100, Giovanni Campagna
<scampa.giova...@gmail.com> wrote:
You may just enforce validity of known or possibly unsafe headers
(Content-Type being the most important)
I don't think that is the right place.
Or actually, they don't per current spec, but I think they should.
(and anyway RFC2616 is not very clear about the field-value production)
How is it unclear?
field-value is a sequence of field-content, separated by linear white
space. The problem is that field-content is a sequence of TEXT (any
char) or token, separators and quoted-string.
That seems pretty clear.
This means that any sequence of chars, quoted or unquoted, tokenized
or not, is a valid field-content, and thus a valid field-value.
This is probably because each header enforces its own syntaxes, but I
don't feel much use in referencing field-value.
Why not? It's a lot more limited than any Unicode character.
--
Anne van Kesteren
http://annevankesteren.nl/
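
The RFC 2616 field-value production discussed in this message, written as a checker. This is an added example, not code from the thread or from any specification; the names `first_violation` and `is_field_value` are invented here, and it assumes each character of the value maps to one octet as ISO-8859-1.

```python
import re

# RFC 2616 (sections 2.2 and 4.2), as discussed in the thread:
#   CTL         = octets 0-31 and DEL (127)
#   LWS         = [CRLF] 1*( SP | HT )
#   TEXT        = any OCTET except CTLs, but including LWS
#   field-value = *( field-content | LWS )
# The three alternatives below start with different characters, so matching
# is unambiguous and linear (no regex backtracking blow-up on long values).
_UNIT = re.compile(r"\r\n[ \t]|[ \t]|[\x21-\x7e\x80-\xff]")


def first_violation(value):
    """Index of the first character that breaks the field-value production,
    or None if the whole value conforms.
    Assumption: code points up to U+00FF stand for single octets."""
    pos = 0
    while pos < len(value):
        m = _UNIT.match(value, pos)
        if m is None:
            # CTL, DEL, a CR/LF that does not start a fold, or a
            # character above U+00FF (not an octet at all).
            return pos
        pos = m.end()
    return None


def is_field_value(value):
    return first_violation(value) is None


# Constructed sample values, not taken from the thread.
SAMPLES = [
    "text/html; charset=utf-8",   # ordinary value
    'un"balanced ((( <> ;;',      # no per-header syntax, still valid TEXT
    "folded\r\n continuation",    # CRLF + SP is linear white space
    "value\r\nX-Other: 1",        # CRLF not followed by SP/HT
    "bare\nlinefeed",             # LF is a CTL
    "caf\u00e9",                  # U+00E9 fits in one octet
    "price \u20ac5",              # U+20AC is outside the octet range
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", first_violation(sample))
```

The second sample shows the permissive side of the production (no quoting or token structure is enforced), while the last four show what it still excludes compared with arbitrary Unicode text.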