Jason Smith wrote: > As follow-up, I guess I would have to count this as a core Java API bug, > since the high-level functions (HttpURLConnection) allow you to routinely > emit bad markup. > > However, wouldn't it be prudent in Tomcat to recognize that something has > gone wrong with the method name earlier? Should method names ever be allowed > to contain numbers? How about carriage returns and other white space? > > So the root question is, should I write this up as a low-priority bug, or is > the current behavior desired?
Technically, there is a bug here. When we are reading the request method if we see CR or LF then the request is invalid and Tomcat should return a 400 Bad Request. If you could write this up in bugzilla that would be great. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
