[ic] HTTP Response Splitting

d davenport dances_with_peons at live.com
Sat May 11 09:09:18 UTC 2013

>From: Grant
>Sent: Saturday, May 11, 2013 3:56 AM
>To: interchange-users
>Subject: [ic] HTTP Response Splitting
>Am I safe from HTTP Response Splitting if I use [bounce]?
>- Grant

Mostly.  The [bounce] tag removes \r and \n, and the URL-encoded versions of 
them, from URLs before it puts them into the header.  Two other tag 
attributes -- "target" and "status" do appear to make it into the header 
unscrubbed.  But as long as you don't let user input touch those (which 
would be an outrageously bad idea anyway, for other reasons), you're fine.

For reference, the code that scrubs the URL actually specifically refers to 
that article you linked.  :)


More information about the interchange-users mailing list