NavigationPreloadManager.setHeaderValue should reject invalid HTTP header field values #1000

Open
mfalken opened this issue Nov 1, 2016 · 2 comments

Comments

@mfalken
Member

mfalken commented Nov 1, 2016

(Spinning off of the long thread at #920)
The WIP Blink implementation requires the string to be latin1-only and contain no \r, \n, or \0, rejecting with a TypeError if not.

This should be specced. Probably we'd point to the Fetch spec's definition, which is being worked on at whatwg/fetch#332.

@jakearchibald
Contributor

F2F: Yes.

@annevk
Member

annevk commented Oct 23, 2018

This can be fixed now and tested for. I wonder if perhaps you should be even more restrictive and limit the range to 0x20-0x7E or some such.
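
The two checks discussed in this thread, side by side, as an added example that is not part of the issue and is not Blink's or the spec's code. The function names and sample values are hypothetical; the first validator applies the Latin-1 / no CR, LF, NUL rule from the opening comment, the second the stricter 0x20-0x7E range from the last comment.

```javascript
// Added example: hypothetical helpers, not Blink's or the Service Worker spec's code.

// Check described in the issue: Latin-1 only (code units <= 0xFF), no CR, LF or NUL.
function validateLatin1HeaderValue(value) {
  const s = String(value);
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c > 0xff) {
      throw new TypeError(`code unit 0x${c.toString(16)} at index ${i} is outside Latin-1`);
    }
    if (c === 0x0d || c === 0x0a || c === 0x00) {
      throw new TypeError(`forbidden control character 0x${c.toString(16)} at index ${i}`);
    }
  }
  return s;
}

// Stricter variant floated in the last comment: only 0x20-0x7E is accepted.
function validatePrintableAsciiHeaderValue(value) {
  const s = String(value);
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c < 0x20 || c > 0x7e) {
      throw new TypeError(`code unit 0x${c.toString(16)} at index ${i} is outside 0x20-0x7E`);
    }
  }
  return s;
}

// Run both validators over one value and report which of them accept it.
function classify(value) {
  const accepts = (validate) => {
    try { validate(value); return true; }
    catch (e) { if (e instanceof TypeError) return false; throw e; }
  };
  return {
    latin1: accepts(validateLatin1HeaderValue),
    printableAscii: accepts(validatePrintableAsciiHeaderValue),
  };
}

// Constructed sample values (not taken from the issue).
const SAMPLES = ["true", "caf\u00e9", "a\tb", "line1\r\nline2", "nul\u0000", "\u4f60\u597d"];
for (const v of SAMPLES) console.log(JSON.stringify(v), classify(v));
```

The values `"caf\u00e9"` and `"a\tb"` are where the two rules differ: both pass the Latin-1 check but fail the 0x20-0x7E range.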
