apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-06 19:35:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/header_injection/java/SafeSetHeader.java
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

16 lines
570 B
Java
Raw Blame History

// Safe: request parameter routed through the project-local `stripCRLF`
// helper before being written to the response header.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class SafeSetHeader {
public static String stripCRLF(String raw) {
return raw.replace("\r", "").replace("\n", "");
}
public void handle(HttpServletRequest req, HttpServletResponse res) {
String lang = req.getParameter("lang");
String safe = stripCRLF(lang);
res.setHeader("X-Lang", safe);
}
}
Reference in a new issue View git blame Copy permalink