diff options
author | Jason R. Coombs <jaraco@jaraco.com> | 2022-07-17 16:25:59 -0400 |
---|---|---|
committer | Jason R. Coombs <jaraco@jaraco.com> | 2022-07-17 16:25:59 -0400 |
commit | 2296d0e885b9e575374c83724bebeb8a312c9a1e (patch) | |
tree | cc257488845f5f747c9d97ba4d936d45419c7b46 | |
parent | 843eb98f2f726ab5775988a3c1a7b2013b753cfe (diff) | |
download | cherrypy-git-2296d0e885b9e575374c83724bebeb8a312c9a1e.tar.gz |
Add test capturing missed expectation. Ref #1974.
-rw-r--r-- | cherrypy/test/test_request_obj.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/cherrypy/test/test_request_obj.py b/cherrypy/test/test_request_obj.py index 3aaa8e81..482027be 100644 --- a/cherrypy/test/test_request_obj.py +++ b/cherrypy/test/test_request_obj.py @@ -7,6 +7,8 @@ import types import uuid from http.client import IncompleteRead +import pytest + import cherrypy from cherrypy._cpcompat import ntou from cherrypy.lib import httputil @@ -756,6 +758,17 @@ class RequestObjectTests(helper.CPWebCase): headers=[('Content-type', 'application/json')]) self.assertBody('application/json') + @pytest.mark.xfail(reason="#1974") + def test_dangerous_host(self): + """ + Dangerous characters like newlines should be elided. + Ref #1974. + """ + # foo\nbar + encoded = '=?iso-8859-1?q?foo=0Abar?=' + self.getPage('/headers/Host', headers=[('Host', encoded)]) + self.assertBody('foobar') + def test_basic_HTTPMethods(self): helper.webtest.methods_with_bodies = ('POST', 'PUT', 'PROPFIND', 'PATCH') |