[Webkit-unassigned] [Bug 128593] New: Tighten XMLHttpRequest setRequestHeader value check
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 11 03:16:37 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=128593
Summary: Tighten XMLHttpRequest setRequestHeader value check
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: XML
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: youennf at gmail.com
XMLHttpRequest::setRequestHeader currently validates header names and values.
This validation could be tighten for header values as illustrated by http://w3c-test.org/web-platform-tests/master/XMLHttpRequest/setrequestheader-bogus-value.htm
According RFC2616, header values should be encoded as ISO-8859-1 and should not contain any control character except whitespaces (CR, LF, SPACE and TAB)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list