
You don't separate the headers from the body

Looks like it does to me. The content-type is printed with a \n and then Python implicitly adds a second newline. Or did you mean something else?



Hm, you're right. Response splitting, and with that header injection, should still be possible though, I think.

In any case having to manually make sure to print newlines in the right places and escape user input in headers correctly is insane.
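Added example, not part of the thread or of the script being discussed: a hand-built CGI response next to a builder that rejects line breaks in header names and values, so the only blank line in the output is the one separating headers from body. The function names and the sample value are hypothetical and constructed for illustration.

```python
import re

# Header field names are limited to RFC 7230 "token" characters.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def naive_response(location, body):
    """Hand-built CGI output: the caller is responsible for every newline."""
    return "Content-Type: text/html\nLocation: " + location + "\n\n" + body


def safe_response(headers, body):
    """Build CGI output, refusing names or values that could end a header line."""
    lines = []
    for name, value in headers:
        if not _TOKEN.fullmatch(name):
            raise ValueError("invalid header name: %r" % name)
        # CR, LF and NUL are what let a value start a new header line
        # or terminate the header block early.
        if any(c in value for c in "\r\n\0"):
            raise ValueError("control character in value of %s" % name)
        lines.append("%s: %s" % (name, value))
    # Exactly one blank line separates the headers from the body.
    return "\r\n".join(lines) + "\r\n\r\n" + body


def header_block(raw):
    """Return the header lines a server would parse from raw CGI output."""
    head, _, _ = raw.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n")


# Constructed input: a parameter value carrying an embedded line break.
CONSTRUCTED = "/home\nSet-Cookie: sid=constructed"

if __name__ == "__main__":
    # The naive builder emits three header lines instead of two.
    print(header_block(naive_response(CONSTRUCTED, "<p>hi</p>")))
    try:
        safe_response([("Content-Type", "text/html"),
                       ("Location", CONSTRUCTED)], "")
    except ValueError as exc:
        print("rejected:", exc)
```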



