Add extra security checks for Headers #229

Merged
merged 2 commits into from
Jan 3, 2016

digitalresistor
Member

This adds a sort of seatbelt that makes sure that applications using WebOb are less likely to be vulnerable to HTTP response splitting. Unfortunately, due to the flexibility of WebOb, it is difficult to guarantee that you can't add a header that is vulnerable, but this adds one more line of defense.

Closes #217

We want to provide some extra seatbelts for security reasons. HTTP
Response Splitting is on the OWASP list after all. This should not cause
any issues for existing applications that are well behaved, only if
untrusted user input is used would this be an issue. However it is hard
to argue against extra safety nets.
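
A minimal sketch of the kind of header check described above, as an added example that is not WebOb's code and not part of the original conversation. The function names and the sample value are hypothetical, and it assumes the check consists of rejecting CR and LF in header names and values.

```python
def serialize_unchecked(status, headers, body=""):
    """Join headers exactly as given; CR/LF inside a value becomes a real line break."""
    lines = ["HTTP/1.1 " + status] + [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def check_header(name, value):
    """Hypothetical seatbelt: refuse CR or LF in a header name or value."""
    for label, text in (("name", name), ("value", value)):
        if "\r" in text or "\n" in text:
            raise ValueError(f"header {label} {text!r} contains CR or LF")
    return name, value


def serialize_checked(status, headers, body=""):
    """Same serializer, but every header passes through check_header first."""
    return serialize_unchecked(status, [check_header(n, v) for n, v in headers], body)


def header_names(raw):
    """Header names as a receiving client or proxy would split them out."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample: a redirect target taken from untrusted input.
UNTRUSTED = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    # Without the check, one application-level header turns into two on the wire.
    raw = serialize_unchecked("302 Found", [("Location", UNTRUSTED)])
    print(header_names(raw))
    # With the check, the same input is refused before anything is serialized.
    try:
        serialize_checked("302 Found", [("Location", UNTRUSTED)])
    except ValueError as exc:
        print("rejected:", exc)
```

The check only covers headers that pass through it, which matches the comment's point that a flexible API can still leave other ways to set a header.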