[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.

From: Eli Zaretskii
Subject: Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.
Date: Thu, 08 Sep 2016 20:23:24 +0300

> From: Lars Ingebrigtsen <address@hidden>
> Cc: address@hidden,  address@hidden
> Date: Thu, 08 Sep 2016 11:07:17 +0200
> Eli Zaretskii <address@hidden> writes:
> > That makes very little sense to me, as it will re-introduce the
> > problems which caused us to add the test.  And it's a code change, so
> > it will require at least the same amount of testing that whatever fix
> > we come up with for this use case.  Sounds like lose-lose to me.
> The problems were pretty obscure, since most servers don't care much
> about what the length header says.  And removing the error-out has a
> very small chance of breaking anything, to put it mildly.

It sounds like you don't consider this issue serious enough to be
solved, in Emacs 25.1 or at all.  If so, I certainly disagree, and we
already decided we want to fix this.  So undoing that decision now
would be a step backwards for no good reason.

> And we have no idea how many of these unencoded parameters remain to be
> encoded (because of the rather wonky url calling conventions), so we
> could be adding these encoding patches piecemeal to Emacs 25.1 pretests
> for the next couple of years (at the current going rate of one per
> month) while waiting to find them all.

If we think other parts of the request can produce similar problems,
we can encode them all now.  At the time, the consensus was that this
couldn't happen, but if we made a mistake, it can be easily and safely

reply via email to

[Prev in Thread] Current Thread [Next in Thread]