On Thu, Oct 15, 2020 at 7:44 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On 2020-10-15 11:57, Ryan Sleevi wrote: > > On Thu, Oct 15, 2020 at 1:14 AM Jakob Bohm via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > > >>> For example, embedded new lines are discussed in 2.6 and the ABNF > >> therein. > >>> > >> > >> The one difference from RFC4180 is that CR and LF are not part of the > >> alternatives for the inner part of "escaped". > > > > > > Again, it would do a lot of benefit for everyone if you would be more > > precise here. > > > > For example, it seems clear and unambiguous that what you just stated is > > factually wrong, because: > > > > escaped = DQUOTE *(TEXTDATA / COMMA / CR / LF / 2DQUOTE) DQUOTE > > > > I was stating the *difference* from RFC4180 being precisely that > "simple, traditional CSV" doesn't accept the CR and LF alternatives in > that syntax production. Ah, that would explain my confusion: you’re using “CSV” in a manner different than what is widely understood and standardized. The complaint about newlines would be as technically accurate and relevant as a complaint that “simple, traditional certificates should parse as JSON” or that “simple, traditional HTTP should be delivered over port 23”; which is to say, it seems like this concern is not relevant. As the CSVs comply with RFC 4180, which is widely recognized as what “CSV” means, I think Jakob’s concern here can be disregarded. Any implementation having trouble with the CSVs produced is confused about what a CSV is, and thus not a CSV parser. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
