-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] CRLF Header Splitting #875
Labels
Comments
I think this should be documented. |
kirillDanshin
added a commit
that referenced
this issue
Nov 8, 2020
Possible to merge #909 and close this issue? Thanks @erikdubbelboer |
erikdubbelboer
added a commit
that referenced
this issue
Dec 9, 2020
* 🐞 panic in fs.go #824 * fix issue #875 Signed-off-by: Kirill Danshin <kirill@danshin.pro> * improve issue 875 Co-authored-by: Fenny <fenny@gofiber.io> * Update header.go * Update header.go Co-authored-by: Kirill Danshin <kirill@danshin.pro> * remove foldReplacer * Improve removeNewLines Start replacing at the first character found, use bytes.Indexbyte to make the function signature more logical. Both bytes.indexByte and strings.IndexByte use exactly the same code: https://github.com/golang/go/blob/0c703b37dffe74d3fffc04347884bb0ee2fba5b3/src/internal/bytealg/indexbyte_amd64.s#L8-L20 Co-authored-by: wernerr <rene.werner@verivox.com> Co-authored-by: wernerr <rene@gofiber.io> Co-authored-by: Fenny <fenny@gofiber.io> Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
It's merged, I'll tag a release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The default library seems to serialize
&%0d%0a
replace it with empty spacesWhere fasthttp does not, I'm wondering if this should be either documented or fixed asap.
The text was updated successfully, but these errors were encountered: