[Mongrel] Bare carriage returns in HTTP headers
rossfsinger at gmail.com
Thu Mar 26 22:10:09 EDT 2009
Actually, I think the condition was that these URLs were being created
that either of these browsers (IE or Safari) don't do the right thing
when < or > are entered in the location bar. I do know for a fact,
however, that the condition Jonathan is talking about is because the
up 2 1/2 years ago:
On Thu, Mar 26, 2009 at 4:41 PM, Jonathan Rochkind <rochkind at jhu.edu> wrote:
> Oh, and PS, I know that IE6 sends those. Because I discovered it. Safari
> does too, for that matter. If they are (illegaly) in a URL in HTML or
> entered in the location bar, etc.
> My particular case in fact involved URLs in HTML (produced by a third party,
> but targetting my app) delivered to an ordinary user agent like IE6 or
> Firefox or Safari. Firefox would happily correct them before sending them
> to the server. IE6 and Safari, no.
> This is what I reported like a year and a half ago, and was told it wasn't
> mongrel's problem. And brought up again like four months ago, to see if with
> different developers you'd have a different opinion, and was again told it
> wasn't mongrel's problem.
> I guess someone with more pull than me found it inconvenient?
> Eric Wong wrote:
>> Jonathan Rochkind <rochkind at jhu.edu> wrote:
>>> My problem was with invalid query strings being sent to me by a vendor,
>>> not with problems in the header. So it won't be _exactly_ the same. I'm
>>> not sure if an apache rewrite map can change headers or not; it can change
>>> path/query string, which is all I needed. But I can show you what I did, in
>>> case it gives you ideas. It was a bit of a pain to figure out.
>>> And here's the simple Perl script that replaced illegal chars in URL
>>> path/query string:
>> These two those are no longer needed with the SVN version (which
>> we currently run in production on a pretty heavy site). I think
>> it was IE6 sending them and we can't ignore IE6 :<
>> Unfortunately I don't think it made the 1.1.5 release
>> I don't think I ever saw Mongrel error out on these. Is your vendor
>> really that brain damaged?
>> But man, this just creeps me out:
>> s/ /\+/g;
>> ps: "tr/ /+/;" should be a tick faster than "s/ /\+/g;" :)
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
More information about the Mongrel-users