use Test::More tests => 2;
use strict;
use warnings;
use Dancer::Response;
use Dancer::Handler::Standalone;
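# Regression tests for header injection through response header values.
#
# render_response() returns an array reference whose element [1] is the flat
# header list (name, value, name, value, ...). Both cases below put a bare
# "\n" inside a header value and check that it comes back as "\r\n " --
# i.e. the text after the newline is turned into a continuation of the same
# header instead of starting a new header line or the message body.
#
# NOTE(review): line folding (obs-fold) is deprecated by RFC 7230, and
# clients and intermediaries do not all treat a folded line the same way.
# Rejecting or stripping CR/LF in header values is the stricter defence;
# only the bare "\n" case is exercised here, so bare "\r" and "\r\n" inside
# a value remain untested by this file.

# Case 1: a second Location header smuggled in after a newline.
my $redirect_response = Dancer::Response->new(
    headers => [ 'Location' => "http://good.com\nLocation: http://evil.com" ],
);
my $rendered_redirect =
    Dancer::Handler::Standalone->render_response($redirect_response);

is_deeply(
    $rendered_redirect->[1],
    [
        'Location'       => "http://good.com\r\n Location: http://evil.com",
        'Content-Length' => 0,
    ],
    "CRLF injections are not allowed... a space is added to make the second line an RFC-compliant continuation line."
);

# Case 2: a newline in an arbitrary header value, which could otherwise be
# used to push attacker-controlled text towards the body.
my $custom_response = Dancer::Response->new(
    headers => [
        'Content-Length' => 0,
        a                => "foo\nevil body",
    ]
);
my $rendered_custom =
    Dancer::Handler::Standalone->render_response($custom_response);

# Index 3 is the value of header 'a' (after Content-Length, 0, a).
is(
    $rendered_custom->[1]->[3],
    "foo\r\n evil body",
    "a newline in a custom header value is folded into a continuation line"
);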