Martin Panter <vadmium...@gmail.com> added the comment: Issue 11671 is closely related and has a patch proposing to ban control characters including CRLF (but not spaces).
Also see Issue 22928 which added header field validation to the HTTP client module. ---------- dependencies: +Security hole in wsgiref.headers.Headers nosy: +martin.panter _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue28778> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
