IETF Logo Mail Archive

Re: [apps-discuss] Feedback on multipart/form-data

Julian Reschke <julian.reschke@gmx.de> Thu, 19 September 2013 11:58 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EF5221F92B8 for <apps-discuss@ietfa.amsl.com>; Thu, 19 Sep 2013 04:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.799
X-Spam-Level:
X-Spam-Status: No, score=-105.799 tagged_above=-999 required=5 tests=[AWL=-3.200, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BwmB2+USHJUw for <apps-discuss@ietfa.amsl.com>; Thu, 19 Sep 2013 04:58:24 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 1337021F92CD for <apps-discuss@ietf.org>; Thu, 19 Sep 2013 04:58:17 -0700 (PDT)
Received: from [192.168.2.117] ([93.217.69.230]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Mh9cj-1Va37P0lN3-00MI4p for <apps-discuss@ietf.org>; Thu, 19 Sep 2013 13:58:14 +0200
Message-ID: <523AE6D5.9000105@gmx.de>
Date: Thu, 19 Sep 2013 13:58:13 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Dave Cridland <dave@cridland.net>
References: <pbT1pMwRJ3liAErfEE4eiOzhPsmRJD_dystcZP1odmoQfp-yE@smtp.gmail.com>
In-Reply-To: <pbT1pMwRJ3liAErfEE4eiOzhPsmRJD_dystcZP1odmoQfp-yE@smtp.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:wtBfccnDJG3pNSWa1ZQ/2wmg7I6bWEp9Kk2qYqdPbcRylSGseXI WCxyx1ZdhF2E56Aqrcjt+q23LartBONCc8VrvXOtbwP1QmLFgaiqEhOjNLd4zxCI3iqcdVE Vzlb2VPKNp3aiVzIdo0JtxaNXhRzWlHMhSaqgbd27z5UvXXFNOa7ECoS3KklDgnsg6Qfcmf ITJpT18Y039CRj+i/CVlw==
Cc: Ian Hickson <ian@hixie.ch>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Feedback on multipart/form-data
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2013 11:58:28 -0000

On 2013-09-19 13:34, Dave Cridland wrote:
> Julian Reschke wrote:
>> On 2013-08-15 20:28, Larry Masinter wrote:
>>>     I'm working on a revision to  RFC 2388 multipart/form-data
>>>     but I want some feedback before submitting a first draft.
>>>
>>>     I sent a pointer before,
>>>     https://www.w3.org/Bugs/Public/show_bug.cgi?id=16909#c8
>>>
>>>     but perhaps you can comment instead on
>>>     https://github.com/masinter/multipart-form-data
>>>
>>>
>>>     RFC 2388 was clear:
>>>     Field names originally in non-ASCII character sets may be encoded
>>>     within the value of the "name" parameter using the standard method
>>>     described in RFC 2047.
>>>
>>>     For reasons I don't understand, browsers did different, incompatible
>>>     things.
>>
>> Insane complexity? :-) Too many ways to do the same thing?
>
> RFC 2047 doesn't discuss parameters; though at least some mail MIME
> generators use it, instead of RFC 2231. (Google, for instance, generates
> mail using RFC 2047 encoded-words in parameters, but accepts either RFC
> 2047 or RFC 2231 encoded parameters).

Yup, it's wide-spread in mail, but not used a lot on the web.

>>>     I think the main advice is:
>>>
>>>     * those creating HTML forms
>>>     SHOULD use ASCII field names, since deployed HTML processors vary,
>>>     and field names shouldn't be visible to the user anyway.
>>
>> +1
>
> That's all well and good, but filenames are considerably more of a
> problem, I'd have thought. Moreover, I think existing HTTP clients don't
> escape '"' properly, as well.

Yes. There's also the issue clients not escaping backslashes in path 
names. (IE?)

>>>     * Those developing server infrastructure to read
>>> multipart/form-data     uploads
>>>     SHOULD be aware of the varying behavior of the browsers in
>>> translating
>>>     non-ASCII field names, and look for any of the variants (if they're
>>>     expecting non-ASCII field names).
>>
>> If this is a SHOULD we need to better understand what these variants
>> are. Study standard libraries? Write tests?
>
> I know of RFC 2047 and RFC 2231, as well as unencoded UTF-8 and
> unencoded ISO-8859-1 (I think).

No surprise here :-)

> I'd also note that I've yet to find a receiving processor that handles
> multipart/form-data when chunked - I'll admit I've not been looking
> much, though. It might be as well to note the interaction with chunked
> encoding.
>
> Sent with [inky: <http://inky.com?kme=signature>]

Best regards, Julian

v2.23.0 | Report a Bug | By Email