git.ipfire.org Git - thirdparty/tornado.git/commit
web: Harden against invalid HTTP reason phrases 3552/head
author Ben Darnell <ben@bendarnell.com>
 Wed, 10 Dec 2025 20:15:25 +0000 (15:15 -0500)
committer Ben Darnell <ben@bendarnell.com>
 Wed, 10 Dec 2025 20:15:25 +0000 (15:15 -0500)
commit f3b99cd34d4c6360f0db34b3c39f700c002b1415
tree 92608273d61eee26bde805468e44c2405c6e452a
parent 7d869bf2b17ae14c364b862d7f6dde7274e79fb9
web: Harden against invalid HTTP reason phrases

We allow applications to set custom reason phrases for the HTTP status
line (to support custom status codes), but if this were exposed to
untrusted data it could be exploited in various ways. This commit
guards against invalid reason phrases in both HTTP headers and in
error pages.
tornado/test/web_test.py
tornado/web.py
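
The two guards named in the commit message, sketched as an added example (this is not Tornado's code and not taken from this commit; the function names are hypothetical). It assumes the RFC 9112 reason-phrase character set (HTAB, SP, VCHAR, obs-text) for the status line and HTML escaping for the error page.

```python
import html
import re

# RFC 9112 reason-phrase characters: HTAB, SP, VCHAR, obs-text.
# CR, LF, NUL, DEL and other control characters never match.
_REASON_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


def check_reason(reason: str) -> str:
    """Return reason unchanged if it is safe for a status line, else raise."""
    if not _REASON_RE.fullmatch(reason):
        raise ValueError("invalid HTTP reason phrase: %r" % reason)
    return reason


def status_line(code: int, reason: str) -> bytes:
    """Build an HTTP/1.1 status line, refusing unsafe reason phrases."""
    if not 100 <= code <= 999:
        raise ValueError("invalid status code: %r" % code)
    line = "HTTP/1.1 %d %s\r\n" % (code, check_reason(reason))
    # latin-1 cannot fail here: the regex already limits code points to <= 0xFF.
    return line.encode("latin-1")


def error_page(code: int, reason: str) -> str:
    """Render a minimal error page with the reason phrase HTML-escaped."""
    text = html.escape("%d: %s" % (code, reason))
    return "<html><title>%s</title><body>%s</body></html>" % (text, text)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the commit's tests.
    print(status_line(418, "I'm a teapot"))
    print(error_page(500, "<b>x</b>"))
    try:
        status_line(200, "OK\r\nX-Test: 1")
    except ValueError as exc:
        print("rejected:", exc)
```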