On 10/15/06, Eden Li <[EMAIL PROTECTED]> wrote: > IE6 happily sends unsafe* characters unencoded if you've typed them > into the URL bar of your IE6 window. This could happen if you copy & > paste a URL from an email or web page. > > Mongrel doesn't seem to handle these properly. In 0.3.13.3 it would > print out something like: > > Sun Oct 15 23:05:38 CST 2006: BAD CLIENT (192.168.1.2): Invalid > HTTP format, parsing fails. > > 0.3.13.5 seems to ignore the request altogether (not even debug logs > say anything). > > It seems other web servers like LighTPD handle requests like this > without issue. Shouldn't mongrel follow suit? It isn't standard and > IE7 seems to have fixed this, but IE6 is still a large chunk of the > browser market, and I'd like for my users to get something more > meaningful than an IE error page if they've accidentally copied > something out of an email incorrectly. > > If there won't be a patch for Mongrel, is there some way I can get > LighTPD/pen to escape the request on Mongrel's behalf? > > * According to rfc2068: unsafe = CTL | SP | <"> | "#" | "%" | "<" | ">"
You could probably write a mongrel handler to cuddle with the params. -- Rick Olson http://weblog.techno-weenie.net http://mephistoblog.com _______________________________________________ Mongrel-users mailing list [email protected] http://rubyforge.org/mailman/listinfo/mongrel-users
