diff options
| author | Natalia <124304+nessita@users.noreply.github.com> | 2026-06-02 21:38:35 -0300 |
|---|---|---|
| committer | nessita <124304+nessita@users.noreply.github.com> | 2026-06-08 20:06:46 -0300 |
| commit | 526b1b414d8e215bf627b5722df12a09346dbf6b (patch) | |
| tree | bd1bbda69168233244ec57d7a49fa049f5e566e1 /scripts | |
| parent | 7f2afdd0f6a872ccb48d7fbdaacce9b11216af52 (diff) | |
Refs CVE-2026-48587 -- Added helper to properly split header values.
Extracted the repeated `split(",")` + per-token `.strip()` pattern into
a `split_header_value()` generator in django/utils/http.py. The previous
`cc_delim_re` regex only stripped whitespace adjacent to the comma
delimiter, leaving leading or trailing whitespace on the first and last
tokens. Now, `split_header_value()` strips every token fully, matching
RFC 9110's optional-whitespace rules.
Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
