Simon Willison’s Weblog

Subscribe

Response Splitting Risk. Important reminder that you should always ensure strings used in HTTP headers don’t contain newlines.