Skip to content

Corrupting values in parameters: application responsibility? #1759

New issue
New issue
Closed
Closed
Corrupting values in parameters: application responsibility?#1759
Labels
clarificationrequests to clarify, but not change, part of the specparam serializationIssues related to parameter and/or header serializationreview
@bodawei

Description

@bodawei
bodawei
opened on Nov 27, 2018

It isn't clear from the spec how these cases should be handled when building a request to be sent.

  1. a header parameter that has "\r\n" in its value
  2. a cookie with ";" in its value
  3. a spaceDelimited value that has " " in it
  4. a pipeDelimited value that has "|" in it
  5. a label value with a "." in it
  6. a matrix, form, or simple styled non-exploded value with "," in its values

I assume that OAS has no way to protect an app from itself in these circumstances, and so it is the responsibility of the app not to send data like this in these cases, or for an OAS client library to report an error if it is asked to do so.

(in terms of protecting an app from itself, cases like a path parameter which has "?" in its value and a query parameter that has "&" in its value can be dealt with by percent encoding these values before inserting into the URL)

Metadata

Metadata

Assignees

No one assigned

    Labels

    clarificationrequests to clarify, but not change, part of the specparam serializationIssues related to parameter and/or header serializationreview

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions