Commit
…itespace
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,7 +27,7 @@ | |
basestring) | ||
from .cookies import RequestsCookieJar, cookiejar_from_dict | ||
from .structures import CaseInsensitiveDict | ||
from .exceptions import InvalidURL, FileModeWarning | ||
from .exceptions import InvalidURL, InvalidHeader, FileModeWarning | ||
|
||
_hush_pyflakes = (RequestsCookieJar,) | ||
|
||
|
@@ -732,6 +732,24 @@ def to_native_string(string, encoding='ascii'): | |
|
||
return out | ||
|
||
# Moved outside of function to avoid recompile every call | ||
_CLEAN_HEADER_REGEX_BYTE = re.compile(b'^\\S[^\\r\\n]*$|^$') | ||
_CLEAN_HEADER_REGEX_STR = re.compile(r'^\S[^\r\n]*$|^$') | ||
|
||
def check_header_validity(header): | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
Lukasa
Member
|
||
"""Verifies that header value doesn't contain leading whitespace or | ||
return characters. This prevents unintended header injection. | ||
:param header: tuple, in the format (name, value). | ||
""" | ||
name, value = header | ||
|
||
if isinstance(value, bytes): | ||
pat = _CLEAN_HEADER_REGEX_BYTE | ||
else: | ||
pat = _CLEAN_HEADER_REGEX_STR | ||
if not pat.match(value): | ||
raise InvalidHeader("Invalid return character or leading space in header: %s" % name) | ||
|
||
def urldefragauth(url): | ||
""" | ||
|
Is there a cross-reference link to the specification or RFC for prohibiting non-string values? According to RFC7230 §3.2, the BNF for header field values is: