[3.3][security] bpo-22928: Disabled HTTP header injections in http.client by vstinner · Pull Request #2861 · python/cpython
Original patch by Demian Brecht. Changed for the 3.3 backport: * remove subTest() from change * _is_legal_header_name regex: replace .fullmatch with .match, but add \A at start and \Z at end of the regex (cherry picked from commit a112a8a)
vstinner
changed the title
[3.3][security] Issue #22928: Disabled HTTP header injections in http.client.
[3.3][security] bpo-22928: Disabled HTTP header injections in http.client
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters