Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You don't separate the headers from the body

Looks like it does to me. The content-type is printed with a \n and then Python implicitly adds a second newline. Or did you mean something else?



Hm, you're right. Response splitting and with that header injection should still be possible though, I think.

In any case having to manually make sure to print newlines in the right places and escape user input in headers correctly is insane.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: