On 06/26/2015 06:44 AM, Amos Jeffries wrote: > + // invalid character somewhere in the line. > + // As long as we can find the LF, accept the characters > + // which we know are invalid in any URI, but actively used > + LfDelim.add('\0'); // Java > + LfDelim.add(' '); // IIS > + LfDelim.add('\"'); // Bing > + LfDelim.add('\\'); // MSIE, Firefox > + LfDelim.add('|'); // Amazon
On 06/26/2015 09:40 AM, Alex Rousskov wrote: > In your patch, please add support for all URI characters that we can > support (or at least all the "unwise" ones from RFC 2396), not just the > characters that recent deployments have already confirmed "as necessary > to accommodate". We do not want to come back to this every time some app > starts sending slightly malformed URIs. Just got another bug report from the real world. This time it is about the "^" character used in URLs on a Microsoft news site (probably coming from some affiliated advertisement services). I am posting this not to just to emphasize that the list of added characters is too limited, but to re-emphasize that the whole "allow what we know is actively used" approach is unfortunate. In your long-term patch, please add support for all URI characters that we can support (or at least all the "unwise" ones from RFC 2396). Thank you, Alex. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev