Details
-
Bug
-
Resolution: Fixed
-
P3: Somewhat important
-
None
-
5.3.0 Beta1
-
None
Description
The checking on HTTP field values in QWebSocketPrivate::createHandshakeRequest() is too optimistic. It only checks if the value contains a '\r\n' sequence. This is not sufficient. The HTTP standard defines more illegal characters.
Attachments
Issue Links
- relates to
-
QTBUG-80700 QWebSockets: Share/improve header-parsing code
- Closed