outlandishlizard commented on PR #619: URL: https://github.com/apache/httpcomponents-client/pull/619#issuecomment-2727473921
The RFC names quite a few reasons for using a pseudorandom or random value, which I have quoted. Additionally, I don't think that it is "providing a false sense of security" to ensure that users don't need to be aware of unique implementation details of a downstream library when parsing input. I have never before considered whether a message I was sending via cURL, or python requests, or any other number of tools might be mangled because of multipart encoding issues with the underlying library, and I'm a bit confused as to why you think your users, who may be several wrappers downstream, will have any idea that they need to escape these values-- it's not a normal application security consideration at all.