James Y Knight wrote: > On Apr 2, 2009, at 7:33 AM, Graham Dumpleton wrote: > > > """When running under Python 3, servers MUST provide CGI HTTP > > variables as strings, decoded from the headers using HTTP standard > > encodings (i.e. latin-1 + RFC 2047)""" > > > > Which is fair enough and basically what the RFCs say. At the moment I > > don't apply RFC 2047 rules in Python 3.0 support in mod_wsgi, so just > > need to do that. > > I'd really *really* like to recommend that any mention of RFC 2047 is > stricken from the WSGI server requirements. I cannot imagine that > decoding actually accomplishing anything other than opening security > holes (think a filter in an upstream proxy that doesn't know how to do > 2047-decoding passing something through that you now decode.) > > Also, you have to only do the decoding on TEXT words according to the > spec, so the WSGI container now needs an HTTP header parser just in > order to determine where it should decode RFC2047 words and where not > to? I don't think so...
Something needs to decode RFC2047 words, at least until http-bis is widespread. I'd be OK with making the app do it as needed (since only it might know whether extension headers are token/quoted-string/TEXT). Robert Brewer fuman...@aminus.org _______________________________________________ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
