[GitHub] trafficserver pull request: YTSATS-659 XSS via Host header for 404

danobi Mon, 30 Nov 2015 07:50:17 -0800

GitHub user danobi opened a pull request:

    https://github.com/apache/trafficserver/pull/355


    YTSATS-659 XSS via Host header for 404

    Validate the host header string to prevent malformed hostnames from being 
let in.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/danobi/trafficserver TS-4043

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/355.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #355
    
----
commit db4ad907fb75ee213dffef95bd774f5b14729fa7
Author: Daniel Xu <[email protected]>
Date:   2015-11-23T20:35:41Z

    YTSATS-659 XSS via Host header for 404
    
    Validate the host header string to prevent malicious javascript
    inclusion

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver pull request: YTSATS-659 XSS via Host header for 404

Reply via email to