On Thu, Sep 22, 2011 at 3:16 AM, Ariya Hidayat <[email protected]> wrote:

> "vulnerability" is too strong a word for this case.
>

Right. It's not really a security issue and more of a straight up ugly bug. If I set my user agent to "blah blah\nwhoops I left a newline in there" I wouldn't expect my result to be "blah blah" when I pull the header on the server side.

>
> The way I look at it is more like enforcing this contract:
>
> Setting a user agent should not falsify any other part of the HTTP
> header sent to the server.
>
> Note that some advanced QtWebKit-based browser may want to give its
> user the option to set a custom user agent. While it does make sense
> to enforce that contract at the level of the API user (i.e. in the
> said browser), it still does make sense to enforce it also within
> (Qt)WebKit.
>
>
> --
> Ariya Hidayat, http://ariya.ofilabs.com
> _______________________________________________
> webkit-qt mailing list
> [email protected]
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-qt
>

--
*Sencha*
Jarred Nicholls, Senior Software Architect
@jarrednicholls <http://twitter.com/jarrednicholls>
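The contract discussed in this thread (a user agent value must not alter any other part of the header block), shown as an added example that is not part of the original messages and is not QtWebKit code. The helper names `isSafeHeaderValue`, `serializeHeaders` and `parseHeaders` are hypothetical, and the parser is a deliberately minimal stand-in for what a server does.

```cpp
// Added example; helper names are hypothetical, not QtWebKit API.
#include <iostream>
#include <map>
#include <sstream>
#include <string>

typedef std::map<std::string, std::string> Headers;

// CR, LF or NUL in a value lets it end its own header line early.
bool isSafeHeaderValue(const std::string& v) {
    return v.find_first_of(std::string("\r\n\0", 3)) == std::string::npos;
}

// Write headers as they go on the wire. With enforce set, a value that
// breaks the contract is refused instead of being sent.
bool serializeHeaders(const Headers& h, bool enforce, std::string& out) {
    out.clear();
    for (Headers::const_iterator it = h.begin(); it != h.end(); ++it) {
        if (enforce && !isSafeHeaderValue(it->second)) return false;
        out += it->first + ": " + it->second + "\r\n";
    }
    return true;
}

// Minimal server-side view: split on LF, drop CR, split at the first ':'.
Headers parseHeaders(const std::string& block) {
    Headers parsed;
    std::istringstream in(block);
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line[line.size() - 1] == '\r') line.erase(line.size() - 1);
        std::string::size_type colon = line.find(':');
        if (colon == std::string::npos) continue;  // not a header line
        std::string::size_type start = line.find_first_not_of(' ', colon + 1);
        parsed[line.substr(0, colon)] = start == std::string::npos ? std::string() : line.substr(start);
    }
    return parsed;
}

int main() {
    Headers h;
    h["User-Agent"] = "blah blah\nwhoops I left a newline in there";  // value from the thread
    std::string wire;
    serializeHeaders(h, false, wire);
    std::cout << "unchecked, server sees: " << parseHeaders(wire)["User-Agent"] << "\n";
    std::cout << "checked, accepted: " << serializeHeaders(h, true, wire) << "\n";
    return 0;
}
```

Refusing the value, as done here, is one way to keep the contract; stripping or encoding the offending bytes is another, and which one (Qt)WebKit should use is not settled in this thread.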
