apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/header_injection/python/safe_subscript_set.py
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

15 lines
440 B
Python
Raw Blame History

# Safe: request arg routed through `strip_crlf` (a registered
# HEADER_INJECTION sanitizer) before the subscript-set, so
# taint-header-injection stays clean.
from flask import request, make_response
def strip_crlf(raw):
return raw.replace("\r", "").replace("\n", "")
def handler():
lang = request.args.get("lang")
response = make_response("ok")
response.headers["X-Forwarded-By"] = strip_crlf(lang)
return response
Reference in a new issue View git blame Copy permalink