delta/qt5/qtwebsockets.git - code.qt.io: qt/qtwebsockets.git

diff options

author	Kurt Pattyn <pattyn.kurt@gmail.com>	2014-02-10 21:33:25 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2014-02-11 12:46:40 +0100
commit	de92bb09b12ff95bc9d03f930f54463a336f6263 (patch)
tree	684e2f563be156d54fd3acbefd8bd37f68067e4f /examples
parent	4c4cbf55f0a2e3d634b558079e48774937dd5773 (diff)
download	qtwebsockets-de92bb09b12ff95bc9d03f930f54463a336f6263.tar.gz

Check on newline characters in origin and urls

New line characters (\r\n) in the resource part of a url and in the origin string can be used to forge the http header and can lead to insertion of unwanted header entries. This can be an indication of an attack, so QWebSocket immediately refuses a connection. Change-Id: I9cdb309bfbe7025ad675925e6ea3e038476a1fd6 Reviewed-by: Frederik Gladhorn <frederik.gladhorn@digia.com>

Diffstat (limited to 'examples')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: