Summary: | NUL bytes in header values allowed for fetch-API | ||
---|---|---|---|
Product: | WebKit | Reporter: | jannis.rautenstrauch |
Component: | DOM | Assignee: | youenn fablet <youennf> |
Status: | RESOLVED FIXED | ||
Severity: | Normal | CC: | achristensen, annevk, cdumez, karlcow, mike, webkit-bug-importer, youennf |
Priority: | P2 | Keywords: | BrowserCompat, InRadar |
Version: | Safari 17 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
See Also: | https://github.com/web-platform-tests/wpt/pull/45980 |
Description
jannis.rautenstrauch
2024-04-16 03:57:17 PDT
This seems to be restricted to no-cors case, where we do a sanitization in networking process, while we should check for nul headers in the response before. Pull request: https://github.com/WebKit/WebKit/pull/27869 Submitted web-platform-tests pull request: https://github.com/web-platform-tests/wpt/pull/45980 Committed 278389@main (85f98322e6a6): <https://commits.webkit.org/278389@main> Reviewed commits have been landed. Closing PR #27869 and removing active labels. |