[issue39603] [security] http.client: HTTP Header Injection in the HTTP method

Senthil Kumaran report at bugs.python.org
Wed Feb 12 09:35:43 EST 2020


Senthil Kumaran <senthil at uthcode.com> added the comment:

Welcome to work on the patch, Amir.

* We shouldn't be encoding anything.
* Create reject for Unicode control characters and reject the request if the request contains any control character. Write tests for this.

It will be similar to one of the examples Victor has shared.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39603>
_______________________________________
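
A sketch of the reject-instead-of-encode check described in the comment above, written as an added example; it is not code from this message or from the CPython patch. The names `find_control_chars`, `build_request_line` and `InvalidRequestLine` are hypothetical, "control character" is assumed to mean Unicode general category Cc, and the sample values are constructed.

```python
import unicodedata


class InvalidRequestLine(ValueError):
    """Raised when a request-line component contains a control character."""


def find_control_chars(value):
    """Return (index, code point) for every Unicode control character.

    Assumption: "control character" means general category Cc, which covers
    C0 (U+0000-U+001F), DEL (U+007F) and C1 (U+0080-U+009F).
    """
    return [(i, ord(ch)) for i, ch in enumerate(value)
            if unicodedata.category(ch) == "Cc"]


def build_request_line(method, target, version="HTTP/1.1"):
    """Build the request line, rejecting control characters.

    Nothing is escaped or percent-encoded: a value carrying CR, LF or any
    other control character fails the whole request.
    """
    for name, value in (("method", method), ("target", target)):
        bad = find_control_chars(value)
        if bad:
            index, cp = bad[0]
            raise InvalidRequestLine(
                f"{name} contains control character U+{cp:04X} at index {index}")
    return f"{method} {target} {version}\r\n"


if __name__ == "__main__":
    # Constructed sample values, including one method with an embedded CRLF.
    for method in ("GET", "GET\r\nX-Constructed: 1", "PUT\x85"):
        try:
            print(repr(build_request_line(method, "/index.html")))
        except InvalidRequestLine as exc:
            print("rejected:", exc)
```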

