[Webkit-unassigned] [Bug 68560] [Qt] HTTP header injection vulnerability (QWebPage::userAgentForUrl)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 21 13:01:54 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68560
Jesus Sanchez-Palencia <jesus at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jesus at webkit.org
--- Comment #1 from Jesus Sanchez-Palencia <jesus at webkit.org> 2011-09-21 13:01:54 PST ---
(In reply to comment #0)
> Input on this matter is welcomed!
I'm not sure where exactly the "protection" should go, but I agree that we need it. Let's just make sure to have a test covering it as well.
Now that we had this heads-up, is there any other place our API might be prone to injection?!
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list