On Apr 2, 2009, at 7:33 AM, Graham Dumpleton wrote:
"""When running under Python 3, servers MUST provide CGI HTTP
variables as strings, decoded from the headers using HTTP standard
encodings (i.e. latin-1 + RFC 2047)"""
Which is fair enough and basically what the RFCs say. At the moment I
don't apply RFC 2047 rules in Python 3.0 support in mod_wsgi, so just
need to do that.
I'd really *really* like to recommend that any mention of RFC 2047 is
stricken from the WSGI server requirements. I cannot imagine that
decoding actually accomplishing anything other than opening security
holes (think a filter in an upstream proxy that doesn't know how to do
2047-decoding passing something through that you now decode.)
Also, you have to only do the decoding on TEXT words according to the
spec, so the WSGI container now needs an HTTP header parser just in
order to determine where it should decode RFC2047 words and where not
to? I don't think so...
James
_______________________________________________
Web-SIG mailing list
Web-SIG@python.org
Web SIG: http://www.python.org/sigs/web-sig
Unsubscribe:
http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
