[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests
Karthikeyan Singaravelan
report at bugs.python.org
Mon Sep 23 06:00:07 EDT 2019
Karthikeyan Singaravelan <tir.karthi at gmail.com> added the comment:
If I understand PR 16321 correctly it has a private hook to bypass validating invalid bytes in URL added in 3.7.4 and also has the fix to accept non-ascii values which is a regression from 2.7 to 3.0 . Will the latter to accept non-ascii values also be merged to security branches too given that it predates the security issue addressed ?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38216>
_______________________________________
More information about the Python-bugs-list
mailing list