git.ipfire.org Git - thirdparty/tornado.git/commit

]> git.ipfire.org Git - thirdparty/tornado.git/commit

projects / thirdparty / tornado.git / commit

author	Ben Darnell <ben@bendarnell.com>
	Wed, 10 Dec 2025 20:15:25 +0000 (15:15 -0500)
committer	Ben Darnell <ben@bendarnell.com>
	Wed, 10 Dec 2025 20:57:47 +0000 (15:57 -0500)
commit	9c163aebeaad9e6e7d28bac1f33580eb00b0e421
tree	f0c03409ed1ab00bc26156f405192d8cef45ed5c	tree \| snapshot
parent	771472cfdaeebc0d89a9cc46e249f8891a6b29cd	commit \| diff

web: Harden against invalid HTTP reason phrases

We allow applications to set custom reason phrases for the HTTP status
line (to support custom status codes), but if this were exposed to
untrusted data it could be exploited in various ways. This commit
guards against invalid reason phrases in both HTTP headers and in
error pages.

tornado/test/web_test.py		diff \| blob \| blame \| history
tornado/web.py		diff \| blob \| blame \| history

Mirror of https://github.com/tornadoweb/tornado.git

RSS Atom