Simon Willison’s Weblog

19th October 2008 - Link Blog

Response Splitting Risk. Important reminder that you should always ensure strings used in HTTP headers don’t contain newlines.

Posted 19th October 2008 at 11:58 pm

Recent articles

Live blog: Code w/ Claude 2026 - 6th May 2026
Vibe coding and agentic engineering are getting closer than I'd like - 6th May 2026
LLM 0.32a0 is a major backwards-compatible refactor - 29th April 2026

This is a link post by Simon Willison, posted on 19th October 2008.

http 124 rails 110 responsesplitting 1 security 600

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe