On Tue, Dec 29, 2015 at 5:35 PM, Jim Jagielski <[email protected]> wrote: > >> On Dec 29, 2015, at 11:28 AM, Yann Ylavic <[email protected]> wrote: >> >> On Tue, Dec 29, 2015 at 5:16 PM, Jim Jagielski <[email protected]> wrote: >>> >>> PS: What determines "abusive" usage? >> >> When used to compare something which is not a HTTP token or a scheme >> (eg. config parameters). >> As I see it, the valid usage is against remote/untrusted data known to >> be defined in POSIX/C locale only... > > IMO, anything we check regarding config directives (like all the > proxy params) are also candidates for using "our" function. We > *know* our config directives are ASCII.
Makes sense, maybe we can enforce that in future patches and backport them easily, the first "use case" already requires enough changes IMHO :)
