[issue22928] HTTP header injection in urllib2/urllib/httplib/http.client
Martin Panter
report at bugs.python.org
Tue Dec 16 02:43:51 CET 2014
Martin Panter added the comment:
There could be potential for breaking compatibility if people are intentionally sending values with folded lines (obsoleted by the new HTTP RFC).
Perhaps the same error should be raised for values that cannot be encoded in Latin-1? Also, maybe most control characters should trigger an error, not just CR and LF. Apart from line folding, the HTTP RFC only allows visible ASCII characters, spaces and tabs, and obsolete non-ASCII chars >= 0x80.
----------
nosy: +vadmium
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22928>
_______________________________________
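The checks suggested in the comment above, as an added example; it is not part of the original message and not the patch discussed in the issue. The names `check_header_value`, `is_legal` and `allow_obs_fold` are hypothetical, and the sample values are constructed.

```python
import re

# Legal octets per the comment: visible ASCII, space, tab, and obsolete
# non-ASCII bytes >= 0x80. Everything else (CR, LF, NUL, DEL, ...) is refused.
_LEGAL_VALUE = re.compile(rb"[\t\x20-\x7e\x80-\xff]*")
# A folded line: CRLF followed by at least one space or tab.
_FOLD = re.compile(rb"\r\n[ \t]+")


def check_header_value(value, allow_obs_fold=False):
    """Return value as bytes, or raise ValueError if it must not be sent."""
    if isinstance(value, str):
        try:
            value = value.encode("latin-1")
        except UnicodeEncodeError:
            raise ValueError("not encodable in Latin-1: %r" % value) from None
    # Compatibility switch (hypothetical): tolerate folds, still check the rest.
    to_check = _FOLD.sub(b" ", value) if allow_obs_fold else value
    if not _LEGAL_VALUE.fullmatch(to_check):
        raise ValueError("illegal character in header value: %r" % value)
    return value


def is_legal(value, **kwargs):
    """Boolean wrapper around check_header_value."""
    try:
        check_header_value(value, **kwargs)
        return True
    except ValueError:
        return False


# Constructed sample values, not taken from the issue.
SAMPLES = [
    "text/html; charset=utf-8",   # visible ASCII and spaces
    "caf\xe9",                    # non-ASCII but encodable in Latin-1
    "value\r\nX-Injected: 1",     # bare CRLF starts a new header line
    "folded\r\n continuation",    # obsolete line folding
    "bell\x07",                   # control character other than CR/LF
    "price \u20ac5",              # not encodable in Latin-1
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-30r strict=%-5s with_folds=%s" % (
            sample, is_legal(sample), is_legal(sample, allow_obs_fold=True)))
```

With `allow_obs_fold=True` only a CRLF followed by a space or tab is tolerated, so a CRLF that begins a new header line is refused in both modes.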