diff options
Diffstat (limited to 'cherrypy/test/test_request_obj.py')
-rw-r--r-- | cherrypy/test/test_request_obj.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/cherrypy/test/test_request_obj.py b/cherrypy/test/test_request_obj.py index 3aaa8e81..2478aabe 100644 --- a/cherrypy/test/test_request_obj.py +++ b/cherrypy/test/test_request_obj.py @@ -756,6 +756,16 @@ class RequestObjectTests(helper.CPWebCase): headers=[('Content-type', 'application/json')]) self.assertBody('application/json') + def test_dangerous_host(self): + """ + Dangerous characters like newlines should be elided. + Ref #1974. + """ + # foo\nbar + encoded = '=?iso-8859-1?q?foo=0Abar?=' + self.getPage('/headers/Host', headers=[('Host', encoded)]) + self.assertBody('foobar') + def test_basic_HTTPMethods(self): helper.webtest.methods_with_bodies = ('POST', 'PUT', 'PROPFIND', 'PATCH') |