[issue11671] Security hole in wsgiref.headers.Headers
Devin Cook
report at bugs.python.org
Sat Feb 23 18:00:48 CET 2013
Devin Cook added the comment:
Should now be compliant with this part of the spec:
"Each header_value must not include any control characters, including carriage returns or linefeeds, either embedded or at the end. (These requirements are to minimize the complexity of any parsing that must be performed by servers, gateways, and intermediate response processors that need to inspect or modify response headers.)"
----------
keywords: +patch
nosy: +devin
Added file: http://bugs.python.org/file29182/header_newlines.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11671>
_______________________________________
More information about the Python-bugs-list
mailing list