[ruby-cvs:71055] normal:r63964 (trunk): webrick/httpresponse: set_redirect requires a valid URI

normal at ruby-lang.org normal at ruby-lang.org
Sat Jul 14 11:59:40 JST 2018


normal	2018-07-14 11:59:39 +0900 (Sat, 14 Jul 2018)

  New Revision: 63964

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=63964

  Log:
    webrick/httpresponse: set_redirect requires a valid URI
    
    Prevents response splitting and HTML injection attacks in
    poorly-written applications which blindly pass along user input
    in redirects.

  Modified files:
    trunk/lib/webrick/httpresponse.rb
    trunk/test/webrick/test_httpresponse.rb


More information about the ruby-cvs mailing list