#10188: HttpResponse does not filter CR/LF characters from headers
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: rokclimb15
Status: new | Milestone:
Component: HTTP handling | Version: 1.0
Resolution: | Keywords:
Stage: Design decision needed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 1
Needs_better_patch: 0 |
---------------------------------------------+------------------------------
Changes (by rokclimb15):
* owner: nobody => rokclimb15
* needs_tests: 0 => 1
* stage: Unreviewed => Design decision needed
Comment:
I think this is an excellent idea from a security perspective. This will
eliminate the possibility of HTTP response splitting in Django apps. I
will test this patch over the weekend and seek a design decision on
whether or not it should be included.
--
Ticket URL: <http://code.djangoproject.com/ticket/10188#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
