On Apr 16, 2008, at 10:32 AM, Mark Pauley wrote:
The bug is in the php tool, not in webkit. From the RFC (rfc1341 http://www.w3.org/Protocols/rfc1341/7_2_Multipart.html)
boundary := 0*69<bchars> bcharsnospace
bchars := bcharsnospace / " "
bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" /
/ "," / "-" / "." / "/" / ":" / "=" / "?"
'+' is absolutely allowable, I'm betting that your upload tool
source has a faulty regular expression for grabbing multipart
boundaries. Perhaps what we really want here is a method of
specifying the multipart boundary to webkit... and so allow all
manner of hackers to work around parsing issues like this one
without encouraging people to write crappy parsers.
or, you could grab the webkit source, hack a work-around and ship
your own webkit dylib embedded in your app. Let's not go tooling
with code that works on millions of people's machines because of a
fault in code that works on thousands of people's machines.
You are correct by the letter of the spec that "+" is allowed in the
boundary separator. However, this is not the first time we've had a
site break in WebKit-based browsers when it worked fine in other
browsers, due to our choice of boundary characters. Even though the
spec allows a wide character set, I think it would be wise to limit
the characters we use to those sent by other browsers, since some web
developers develop against IE/Firefox and test against Safari as an
afterthought, if at all.
webkit-dev mailing list