Link: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/64
Origin: http://www.w3.org/mid/4628D855.2050409@gmail.com
Component: p1-messaging
I think quoted-pair is broken too. Merging your fix into RFC2616 gives:
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) qdtext = <any TEXT excluding '"' and '\'> quoted-pair = "\" CHAR CHAR = <any US-ASCII character (octets 0 - 127)> ]]>
but that means you can do this:
HTTP/1.1 200 OK Warning: "Don't misparse \ this: it's really a single header!"
(if the receiving implementation follows the recommendations in 19.3 you need to escape the LF instead of the CR, but it's otherwise the same.)
RFC 2822 updates RFC 822's quoted-pair rule to disallow CR, LF, and NUL. We should probably make the same change.
Fixed in [238]:
Resolve #64: quoted-pair: disallow escaping of NUL, CR and LF (closes #64).