std.http: assert against \r\n in headers - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	Andrew Kelley <andrew@ziglang.org>	2024-02-22 18:52:00 -0700
committer	Andrew Kelley <andrew@ziglang.org>	2024-02-23 02:37:11 -0700
commit	10beb19ce7804f9669f25a6b5d80e7eef3fdc14f (patch)
tree	17f59b46250bc7e2689d8fb1ce78fb990fb51176 /lib/std/Build/Module.zig
parent	d051b1396358d1b9229aefeeb2a61f7f46a4e5c3 (diff)
download	zig-10beb19ce7804f9669f25a6b5d80e7eef3fdc14f.tar.gz zig-10beb19ce7804f9669f25a6b5d80e7eef3fdc14f.zip

std.http: assert against \r\n in headers

The HTTP specification does not provide a way to escape \r\n in headers, so it's the API user's responsibility to ensure the header names and values do not contain \r\n. Also header names must not contain ':'. It's an assertion, not an error, because the calling code very likely is using hard-coded values or server-provided values that do not need to be checked, and the error would be unreachable anyway. Untrusted user input must not be put directly into into HTTP headers.

Diffstat (limited to 'lib/std/Build/Module.zig')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: