Daniel Silveira

Reputation: 42543

How to escape a line break literal in the HTTP header?

In the HTTP header, line breaks are tokens to separate fields in the header.

But if I want to send a line break literal in a custom field, how should I escape it?

Upvotes: 18

Views: 15691

Answers (5)

James Mead

Reputation: 3502

According to RFC2616 4.2 Message Headers:

Header fields can be extended over multiple lines by preceding each extra line with at least one SP or HT.

where SP means a space character (0x20) and HT means a horizontal tab character (0x09).

Upvotes: 6

jomo

Reputation: 14911

The actual answer to this question is that there is no standard for encoding line breaks.

You can use any Binary-to-text encoding such as URL-Encoding or Base64, but obviously that's only going to work if both sender and receiver implement the same method.

RFC 2616 did allow header values to be 'folded' (i.e. wrapped) over multiple lines, but the line breaks were treated as a single space character and not part of the parsed field value.

However, that specification has been obsoleted by RFC 7230 which forbids folding:

Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold).
This specification deprecates such line folding except within the message/http media type (Section 8.3.1).
A sender MUST NOT generate a message that includes line folding

A standard for line breaks in HTTP Header field values is not – and never was – established.

Upvotes: 11

unixman83

Reputation: 9933

The idea is that HTTP is ASCII-only and newlines and such are not allowed. If both sender and receiver can interpret YOUR encoding, then you can encode whatever you want, however you want. That's how DNS international names are handled with the Host header (it's called PUNYCODE).

Short answer is: You don't, unless you control both sender and receiver.

Upvotes: 4

Spencer Ruport

Reputation: 35117

If it's a custom field, how you escape it depends entirely on how the targeted application is going to parse it. If this is some add-on you created, you could stick with URL encoding, since it's pretty tried and true and lots of languages have encoding/decoding methods built in, so your web app would encode it and your plug-in (or whatever you're working on) would decode it.

Upvotes: 1

Dennis C

Reputation: 24747

If you are designing your own custom extension field, you may use BASE64 or quoted-printable to escape (and unescape) the value.

Upvotes: 12
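
As an added example (not code from any of the answers above), the percent-encoding and Base64 approaches the answers suggest can be sketched in Python. The `X-Note` header name, the helper names and the sample value are assumptions made for illustration; the sender encodes the value so that no raw CR or LF reaches the header block, and refuses to build a line that still contains one.

```python
import base64
import re
from urllib.parse import quote, unquote

# Field names are RFC 7230 "token" characters; field values are limited here to
# visible ASCII plus SP and HTAB, so CR, LF and NUL can never appear raw.
_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VALUE = re.compile(r"[\t\x20-\x7e]*")


def encode_percent(text: str) -> str:
    """Percent-encode the UTF-8 bytes of text; CR and LF become %0D and %0A."""
    return quote(text, safe="")


def decode_percent(value: str) -> str:
    return unquote(value, errors="strict")


def encode_base64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_base64(value: str) -> str:
    # validate=True rejects characters outside the Base64 alphabet.
    return base64.b64decode(value, validate=True).decode("utf-8")


def header_line(name: str, encoded_value: str) -> str:
    """Build 'Name: value', refusing anything that is not a single header line.

    fullmatch is used instead of '$', which would accept a trailing newline.
    """
    if not _NAME.fullmatch(name) or not _VALUE.fullmatch(encoded_value):
        raise ValueError("illegal character in header name or value")
    return f"{name}: {encoded_value}"


def parse_fields(block: str) -> dict:
    """Receiver side: split a header block on CRLF into name -> value."""
    fields = {}
    for line in block.split("\r\n"):
        if line:
            name, _, value = line.partition(":")
            fields[name.strip().lower()] = value.strip()
    return fields


if __name__ == "__main__":
    note = "first line\r\nsecond line"  # constructed sample value
    block = header_line("X-Note", encode_percent(note)) + "\r\nHost: example.test\r\n"
    print(decode_percent(parse_fields(block)["x-note"]) == note)
```

Both sides have to agree on the encoding out of band; nothing in the header itself says whether a value is percent-encoded or Base64.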
