Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-38739

Provide more robust checking of illegal HTTP field values

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3: Somewhat important P3: Somewhat important
    • None
    • 5.3.0 Beta1
    • WebSockets
    • None

      The checking on HTTP field values in QWebSocketPrivate::createHandshakeRequest() is too optimistic. It only checks if the value contains a '\r\n' sequence. This is not sufficient. The HTTP standard defines more illegal characters.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            oyheskes Øystein Heskestad
            kurt.pattyn Kurt Pattyn
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes