authorRoberto Clapis <roberto@golang.org>2021-04-07 14:36:40 +0200
committerFilippo Valsorda <filippo@golang.org>2021-05-10 23:42:56 +0000
commit5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a (patch)
tree2b936bb8bf6f8957348dcb17e424d9559c737372 /src/net/http/http.go
parentdc50683bf7ebdfde726d710131ba05fe97e10a07 (diff)
net/http: switch HTTP1 to ASCII equivalents of string functions
The current implementation uses UTF-aware functions like strings.EqualFold and strings.ToLower. This could, in some cases, cause HTTP smuggling.

Change-Id: I0e76a993470a1e1b1b472f4b2859ea0a2b22ada0
Reviewed-on: https://go-review.googlesource.com/c/go/+/308009
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src/net/http/http.go')
-rw-r--r--src/net/http/http.go9
1 files changed, 0 insertions, 9 deletions
diff --git a/src/net/http/http.go b/src/net/http/http.go
index 4c5054b399..101799f574 100644
--- a/src/net/http/http.go
+++ b/src/net/http/http.go
@@ -62,15 +62,6 @@ func isNotToken(r rune) bool {
return !httpguts.IsTokenRune(r)
}
-func isASCII(s string) bool {
- for i := 0; i < len(s); i++ {
- if s[i] >= utf8.RuneSelf {
- return false
- }
- }
- return true
-}
-
// stringContainsCTLByte reports whether s contains any ASCII control character.
func stringContainsCTLByte(s string) bool {
for i := 0; i < len(s); i++ {