Commit 40095992 authored by andersca

Reviewed by Darin.

        <rdar://problem/5245555> REGRESSION: HTTP header injection in XMLHttpRequest.setRequestHeader
        
        Check for either '\r' or '\n' in the header value.
        
        * xml/xmlhttprequest.cpp:
        (WebCore::isValidHeaderValue):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@23655 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 48c5af23
2007-06-20 Anders Carlsson <andersca@apple.com>
Reviewed by Darin.
<rdar://problem/5245555> REGRESSION: HTTP header injection in XMLHttpRequest.setRequestHeader
Check for either '\r' or '\n' in the header value.
* xml/xmlhttprequest.cpp:
(WebCore::isValidHeaderValue):
2007-06-20 Patti Hoa <patti@apple.com>
 
Reviewed by Geoffrey Garen.
......@@ -191,7 +191,7 @@ static bool isValidHeaderValue(const String& name)
// FIXME: This should really match name against
// field-value in section 4.2 of RFC 2616.
return !name.contains("\r\n");
return !name.contains('\r') && !name.contains('\n');
}
XMLHttpRequestState XMLHttpRequest::getReadyState() const
......
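Review bot: the changed return line in isValidHeaderValue comes with no test in the lines shown. The ChangeLog entry lists only xml/xmlhttprequest.cpp, although the bug is marked REGRESSION. Consider adding a test that calls setRequestHeader with a value containing a lone '\r' and one containing a lone '\n', so that the old check for the "\r\n" pair alone cannot return unnoticed. Two smaller points on the same function: the parameter is named `name` although it holds a header value, so renaming it to `value` would read better, and the FIXME kept above the return still applies, because the value is only checked for '\r' and '\n' and not matched against field-value in section 4.2 of RFC 2616.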