Re: [VCARDDAV] Escaping dquote in a parameter value

Simon Perreault <simon.perreault@viagenie.ca> Wed, 20 June 2012 13:58 UTC

Return-Path: <simon.perreault@viagenie.ca>
X-Original-To: vcarddav@ietfa.amsl.com
Delivered-To: vcarddav@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC6C921F8767; Wed, 20 Jun 2012 06:58:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1GRMhX8R++e; Wed, 20 Jun 2012 06:58:02 -0700 (PDT)
Received: from jazz.viagenie.ca (unknown [IPv6:2620:0:230:8000:226:55ff:fe57:14db]) by ietfa.amsl.com (Postfix) with ESMTP id D0EE421F8766; Wed, 20 Jun 2012 06:58:02 -0700 (PDT)
Received: from ringo.viagenie.ca (unknown [IPv6:2620:0:230:c064:415f:5dee:c87f:84f]) by jazz.viagenie.ca (Postfix) with ESMTPSA id 2920C415BD; Wed, 20 Jun 2012 09:58:02 -0400 (EDT)
Message-ID: <4FE1D6E9.8020303@viagenie.ca>
Date: Wed, 20 Jun 2012 09:58:01 -0400
From: Simon Perreault <simon.perreault@viagenie.ca>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120216 Thunderbird/10.0.1
MIME-Version: 1.0
To: Cyrus Daboo <cyrus@daboo.name>
References: <50174924F12AC68AE58D5384@cyrus.local>
In-Reply-To: <50174924F12AC68AE58D5384@cyrus.local>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Calsify <calsify@ietf.org>, vcarddav@ietf.org
Subject: Re: [VCARDDAV] Escaping dquote in a parameter value
X-BeenThere: vcarddav@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF vcarddav wg mailing list <vcarddav.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vcarddav>
List-Post: <mailto:vcarddav@ietf.org>
List-Help: <mailto:vcarddav-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2012 13:58:03 -0000

Interesting. I follow your reasoning and agree with your conclusion.

Have you actually come across a parameter value that needed to contain a 
dquote?

Simon

On 2012-06-19 22:56, Cyrus Daboo wrote:
> Hi,
> As I am sure most people are aware, a double-quote character is
> forbidden to appear in a parameter value in both vCard and iCalendar.
> Yet there is a need to preserve double-quotes in a parameter value. So I
> am going to propose an extension to the specifications whereby a new
> escape mechanism is introduced solely for the purpose of allowing
> d-quote in a parameter value in a backwards compatible manner.
>
> My proposal is to use ^ (0x5e) as an escape character, with only the
> following two sequences allowed:
>
> ^^ - represents a single ^ character
> ^' - represents a single d-quote character
>
> I ruled out use of \ because some parsers erroneously eat that, and it
> would also be tempting to use \" which is definitely not possible
> because the dquote cannot appear.
>
> I also ruled out & (XML/HTML entity style) and % (URI style) style
> escaping as being too general - we don't need to escape arbitrary
> characters - only dquote. Also, I think & and % are already in common
> use in parameter values that have URIs, so would end up being escaped
> themselves a lot more. I suspect ^ is one of the least used characters
> and so the need to escape the escape character is less.
>
> Obviously there would need to be some backwards compatibility statement
> in regard to what to do with existing values with a single ^. I would
> suggest any combination that is not one of the above two, should be left
> alone when parsing. But when generating, it would be escaped as ^^.
>
> There are probably some other ascii symbols that are infrequently used
> too, that we could pick if there are strong arguments against ^, but for
> now I am happy with ^.
>
> Thoughts?
>


-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca