1 files changed, 14 insertions, 0 deletions

diff --git a/test/test_environ.py b/test/test_environ.py
index 2b8079b..7f441fc 100755
--- a/test/test_environ.py
+++ b/test/test_environ.py
@@ -3,6 +3,9 @@
 
 import unittest
 import sys
+
+import itertools
+
 import bottle
 from bottle import request, tob, touni, tonat, json_dumps, _e, HTTPError, parse_date
 import tools
@@ -655,6 +658,17 @@ class TestResponse(unittest.TestCase):
         response['x-test'] = None
         self.assertEqual('None', response['x-test'])
 
+    def test_prevent_control_characters_in_headers(self):
+        apis = 'append', 'replace', '__setitem__', 'setdefault'
+        masks = '{}test', 'test{}', 'te{}st'
+        tests = '\n', '\r', '\n\r', '\0'
+        for api, mask, test in itertools.product(apis, masks, tests):
+            hd = bottle.HeaderDict()
+            func = getattr(hd, api)
+            value = mask.replace("{}", test)
+            self.assertRaises(ValueError, func, value, "test-value")
+            self.assertRaises(ValueError, func, "test-name", value)
+
     def test_expires_header(self):
         import datetime
         response = BaseResponse()