Add test capturing missed expectation. Ref #1974.

author: Jason R. Coombs <jaraco@jaraco.com> 2022-07-17 16:25:59 -0400
committer: Jason R. Coombs <jaraco@jaraco.com> 2022-07-17 16:25:59 -0400
commit: 2296d0e885b9e575374c83724bebeb8a312c9a1e (patch)
tree: cc257488845f5f747c9d97ba4d936d45419c7b46
parent: 843eb98f2f726ab5775988a3c1a7b2013b753cfe (diff)
download: cherrypy-git-2296d0e885b9e575374c83724bebeb8a312c9a1e.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/cherrypy/test/test_request_obj.py b/cherrypy/test/test_request_obj.py
index 3aaa8e81..482027be 100644
--- a/cherrypy/test/test_request_obj.py
+++ b/cherrypy/test/test_request_obj.py
@@ -7,6 +7,8 @@ import types
 import uuid
 from http.client import IncompleteRead
 
+import pytest
+
 import cherrypy
 from cherrypy._cpcompat import ntou
 from cherrypy.lib import httputil
@@ -756,6 +758,17 @@ class RequestObjectTests(helper.CPWebCase):
                      headers=[('Content-type', 'application/json')])
         self.assertBody('application/json')
 
+    @pytest.mark.xfail(reason="#1974")
+    def test_dangerous_host(self):
+        """
+        Dangerous characters like newlines should be elided.
+        Ref #1974.
+        """
+        # foo\nbar
+        encoded = '=?iso-8859-1?q?foo=0Abar?='
+        self.getPage('/headers/Host', headers=[('Host', encoded)])
+        self.assertBody('foobar')
+
     def test_basic_HTTPMethods(self):
         helper.webtest.methods_with_bodies = ('POST', 'PUT', 'PROPFIND',
                                               'PATCH')
author	Jason R. Coombs <jaraco@jaraco.com>	2022-07-17 16:25:59 -0400
committer	Jason R. Coombs <jaraco@jaraco.com>	2022-07-17 16:25:59 -0400
commit	2296d0e885b9e575374c83724bebeb8a312c9a1e (patch)
tree	cc257488845f5f747c9d97ba4d936d45419c7b46
parent	843eb98f2f726ab5775988a3c1a7b2013b753cfe (diff)
download	cherrypy-git-2296d0e885b9e575374c83724bebeb8a312c9a1e.tar.gz