RESTXQ Response: Encoding of Status Texts #1632

Closed
ChristianGruen opened this Issue Oct 12, 2018 · 0 comments

ChristianGruen commented Oct 12, 2018

HTTP status texts should be restricted to a superset of US-ASCII*.

A recipient MUST parse an HTTP message as a sequence of octets in an
encoding that is a superset of US-ASCII [USASCII]. Parsing an HTTP
message as a stream of Unicode characters, without regard for the
specific encoding, creates security vulnerabilities due to the
varying ways that string processing libraries handle invalid
multibyte character sequences that contain the octet LF (%x0A).

https://tools.ietf.org/rfcmarkup?doc=7230#section-3
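
One way to enforce the restriction described above before the status line is written, as an added example that is not BaseX's own code. The class and method names are hypothetical, and the replacement policy (CR/LF become a space, other rejected characters become `?`) is an assumption; the sample status texts are constructed.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical helper, not part of BaseX.
public final class StatusText {
  private StatusText() { }

  // Keeps HTAB, SP and the visible US-ASCII characters (0x21-0x7E).
  // Assumed policy: CR and LF become a space, anything else becomes '?'.
  static String toAscii(final String text) {
    final StringBuilder sb = new StringBuilder(text.length());
    text.codePoints().forEach(cp -> {
      if (cp == '\t' || (cp >= 0x20 && cp <= 0x7E)) sb.append((char) cp);
      else if (cp == '\r' || cp == '\n') sb.append(' ');
      else sb.append('?');
    });
    return sb.toString();
  }

  // Builds the status line as octets; after toAscii() every char is one byte.
  static byte[] statusLine(final int code, final String text) {
    if (code < 100 || code > 999) {
      throw new IllegalArgumentException("Status code must have three digits: " + code);
    }
    final String line = "HTTP/1.1 " + code + ' ' + toAscii(text) + "\r\n";
    return line.getBytes(StandardCharsets.US_ASCII);
  }

  public static void main(final String[] args) {
    // Constructed sample status texts.
    final String[] samples = { "Not Found", "Gr\u00F6\u00DFe ung\u00FCltig", "Bad\r\nRequest" };
    for (final String sample : samples) {
      final byte[] line = statusLine(400, sample);
      int lf = 0;
      for (final byte b : line) {
        if (b == '\n') lf++;
        if (b < 0) throw new AssertionError("non-ASCII octet in status line");
      }
      // The only LF must be the one that terminates the status line.
      if (lf != 1) throw new AssertionError("unexpected LF in status line");
      System.out.print(new String(line, StandardCharsets.US_ASCII));
    }
  }
}
```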
