[Webkit-unassigned] [Bug 128593] New: Tighten XMLHttpRequest setRequestHeader value check

Tue Feb 11 03:16:37 PST 2014

https://bugs.webkit.org/show_bug.cgi?id=128593

           Summary: Tighten XMLHttpRequest setRequestHeader value check
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: XML
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: youennf at gmail.com

XMLHttpRequest::setRequestHeader currently validates header names and values.
This validation could be tighten for header values as illustrated by http://w3c-test.org/web-platform-tests/master/XMLHttpRequest/setrequestheader-bogus-value.htm
According RFC2616, header values should be encoded as ISO-8859-1 and should not contain any control character except whitespaces (CR, LF, SPACE and TAB)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.