Martin Panter <[email protected]> added the comment: Issue 11671 is closely related and has a patch proposing to ban control characters including CRLF (but not spaces).
Also see Issue 22928 which added header field validation to the HTTP client module. ---------- dependencies: +Security hole in wsgiref.headers.Headers nosy: +martin.panter _______________________________________ Python tracker <[email protected]> <https://bugs.python.org/issue28778> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
