tomcat-users mailing list archives

From Konstantin Kolinko
Subject Re: [OT] Protecting against HTTP response splitting
Date Fri, 01 Apr 2011 15:46:35 GMT
2011/4/1 Christopher Schultz:
> I think I'm going to standardize on simply scanning for troublesome
> characters like \r and \n and throwing a MalformedURLException or
> something like that.

You'd better scan for allowed characters. The \r and \n are not the
only ones where things may go wrong.

> If anyone else has any good ideas or warnings about what might be a
> naive sanitization check, I'd be glad to hear them.

Best regards,
Konstantin Kolinko
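
An added example, not part of the message above and not Tomcat code, contrasting the two approaches discussed in the thread: a check that rejects only \r and \n, and one that accepts only allowed characters. The class and method names, the choice of RFC 3986 URL characters as the allowlist, and the sample inputs are assumptions made for illustration.

```java
import java.net.MalformedURLException;

public class HeaderValueCheck {
    // Assumed allowlist: RFC 3986 reserved and unreserved punctuation, plus '%' for escapes.
    private static final String ALLOWED_PUNCT = "-._~:/?#[]@!$&'()*+,;=%";

    /** Deny-list check as proposed in the quoted text: rejects only CR and LF. */
    static boolean passesDenyList(String value) {
        return value.indexOf('\r') < 0 && value.indexOf('\n') < 0;
    }

    /** Allowlist check: every char must be an ASCII letter, a digit or listed punctuation. */
    static boolean passesAllowList(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');
            if (!alnum && ALLOWED_PUNCT.indexOf(c) < 0) {
                return false;
            }
        }
        return !value.isEmpty();
    }

    /** Validates a redirect target before it is placed in a response header. */
    static String requireSafeUrl(String value) throws MalformedURLException {
        if (value == null || !passesAllowList(value)) {
            throw new MalformedURLException("Illegal character in URL");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        String[] samples = {
            "/app/home?tab=1&lang=en",   // ordinary relative URL: both checks accept
            "/app/home\r\nX-Test: 1",    // CR LF: both checks reject
            "/app/home\u0000",           // NUL: only the allowlist rejects
            "/app/home\u2028X-Test",     // Unicode line separator: only the allowlist rejects
            "/app/home\u00e9",           // non-ASCII letter: must be percent-encoded first
        };
        for (String s : samples) {
            System.out.printf("deny-list=%-5b allowlist=%-5b len=%d%n",
                    passesDenyList(s), passesAllowList(s), s.length());
        }
    }
}
```

The last three samples pass the \r/\n scan but fail the allowlist, so any character the author did not anticipate is rejected by default instead of accepted by default.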
