Sevo Stille wrote: > > Even Control characters are allowed. Consider the following: > > > > ^H^H^H^H^H^H^H^H^H lots of these ^H^H /cgi-bin/environ.cgi HTTP/1.1 > > > > Of course control chars are and must be allowed - CGI is defined to be > transparent towards the application. For a request satisfied by the > server, the server would have to (and at any rate apache does) return a > 501 method not implemented error, according to the specs, par. 5.1.1. 1 Not really. RFC 2068 defines method as a token, which is "1*<any CHAR except CTLs or tspecials>" so the above may be rejected with a "400 Bad Request" reply as it is not valid HTTP syntax. HTTP puts restrictions on wich characters that are allowable in all parts of the protocol except the message body. --- Henrik Nordstrom
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:01 PDT