Change to standard: https://github.com/whatwg/html/pull/2849 Proposed tests (still need review): https://github.com/w3c/web-platform-tests/pull/6584 It seems good to fix this as this is the only way for someone to smuggle a U+0000 into a header value.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/33e02f52df5064f3e8e06eaed5c33ebf93aa6b70 commit 33e02f52df5064f3e8e06eaed5c33ebf93aa6b70 Author: Yutaka Hirano <yhirano@chromium.org> Date: Tue Sep 19 02:14:48 2017 [EventSource] Fix null character handling for ID buffer https://github.com/whatwg/html/issues/689 Bug: 752421 Change-Id: I12d9cc6f4556011729e1f4245868b864718e1f08 Reviewed-on: https://chromium-review.googlesource.com/666366 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org> Cr-Commit-Position: refs/heads/master@{#502763} [delete] https://crrev.com/670bf2378ee583458cc2924692fbb7c784506ec8/third_party/WebKit/LayoutTests/external/wpt/eventsource/format-field-id-null-expected.txt [modify] https://crrev.com/33e02f52df5064f3e8e06eaed5c33ebf93aa6b70/third_party/WebKit/Source/modules/eventsource/EventSourceParser.cpp [modify] https://crrev.com/33e02f52df5064f3e8e06eaed5c33ebf93aa6b70/third_party/WebKit/Source/modules/eventsource/EventSourceParserTest.cpp
Comment 1 by yhirano@chromium.org
, Aug 4 2017Status: Assigned (was: Unconfirmed)