Skip to content

Bug in vchar_or_obs_text regex: shouldn't accept DEL #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
njsmith opened this issue Mar 20, 2018 · 1 comment
Closed

Bug in vchar_or_obs_text regex: shouldn't accept DEL #58

njsmith opened this issue Mar 20, 2018 · 1 comment

Comments

@njsmith
Copy link
Member

njsmith commented Mar 20, 2018

Currently our vchar_or_obs_text regex is:

vchar_or_obs_text = r"[\x21-\xff]"

However, this is incorrect... VCHAR is %x21-7E and obs-text is %x80-FF, so there's actually a one character gap in the middle of the range: \x7f (DEL) should not be included.

Of course, we might need to relax these checks anyway (#57), but if we do this should be intentional, not an accident :-)
@njsmith njsmith mentioned this issue Mar 20, 2018
Closed
njsmith added a commit to njsmith/h11 that referenced this issue May 6, 2018
@njsmith
Allow more characters in header values
aff879f 
The RFC says we should reject any header value that contains control
characters. But apparently in the real world, you have to both accept
and produce these sometimes (e.g. Google Analytics cookies use them).

As a compromise, we now accept most control characters, but continue
to disallow NUL (\x00) and all whitespace (\t\n\r\f\v and space),
except that space and tab are allowed inside header values when
surrounded by non-whitespace characters.

Closes: python-hypergh-57, python-hypergh-58
@njsmith njsmith mentioned this issue May 6, 2018
Merged
njsmith added a commit to njsmith/h11 that referenced this issue May 6, 2018
@njsmith
Allow more characters in header values
4e72ec4 
The RFC says we should reject any header value that contains control
characters. But apparently in the real world, you have to both accept
and produce these sometimes (e.g. Google Analytics cookies use them).

As a compromise, we now accept most control characters, but continue
to disallow NUL (\x00) and all whitespace (\t\n\r\f\v and space),
except that space and tab are allowed inside header values when
surrounded by non-whitespace characters.

Closes: python-hypergh-57, python-hypergh-58
@njsmith
Copy link
Member Author

njsmith commented Oct 30, 2018

We decided to redefine vchar_or_obs_text to allow most control characters (see #57 and #68), so this has been declared Not A Bug.

@njsmith njsmith closed this as completed Oct 30, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@njsmith