Felix Gröbert <groeb...@google.com> added the comment: If the spec forbids control characters in headers, the module should enforce that.
The most frequent example of header injection is the redirect-case: an application is forwarding using the Location header to a user-supplied URL. http://google.com/codesearch?as_q=self.redirect%5C%28self.request.get Other examples are proxies, setting user-agent, or, as you mention, custom set-cookies headers. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11671> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
