IE6 happily sends unsafe* characters unencoded if you've typed them into the URL bar of your IE6 window. This could happen if you copy & paste a URL from an email or web page.
Mongrel doesn't seem to handle these properly. In 0.3.13.3 it would print out something like: Sun Oct 15 23:05:38 CST 2006: BAD CLIENT (192.168.1.2): Invalid HTTP format, parsing fails. 0.3.13.5 seems to ignore the request altogether (not even debug logs say anything). It seems other web servers like LighTPD handle requests like this without issue. Shouldn't mongrel follow suit? It isn't standard and IE7 seems to have fixed this, but IE6 is still a large chunk of the browser market, and I'd like for my users to get something more meaningful than an IE error page if they've accidentally copied something out of an email incorrectly. If there won't be a patch for Mongrel, is there some way I can get LighTPD/pen to escape the request on Mongrel's behalf? * According to rfc2068: unsafe = CTL | SP | <"> | "#" | "%" | "<" | ">" _______________________________________________ Mongrel-users mailing list [email protected] http://rubyforge.org/mailman/listinfo/mongrel-users
