curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: nul bytes in form field names

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 19 Sep 2017 16:55:42 +0200 (CEST)

On Tue, 19 Sep 2017, Patrick Monnerat via curl-library wrote:

> According to standards, nul bytes are allowed and significant characters in
> form field names. This practice is however discouraged since it may lead to
> header parsing errors or be understood by servers as an attack attempt. In
> addition, header syntaxes containing nul bytes are now deprecated [1].

I don't see any good reason to support that edge case. I don't think I've ever
encountered such a use case in the real world and I've never seen a
curl/libcurl user who wanted it or used it.

I think it is better and clearer if we explictly do not support it, and
document this limitation.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2017-09-19

This message: [ Message body ]
Next message: Patrick Monnerat via curl-library: "Re: nul bytes in form field names"
Previous message: Patrick Monnerat via curl-library: "nul bytes in form field names"
In reply to: Patrick Monnerat via curl-library: "nul bytes in form field names"
Next in thread: Patrick Monnerat via curl-library: "Re: nul bytes in form field names"
Reply: Patrick Monnerat via curl-library: "Re: nul bytes in form field names"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]