|
|
|
|
|
|
by nhooyr
1467 days ago
|
|
|
> It used to be the case that URL parsers would remove newlines and tabs, so we could split long URLs across lines and even format their query parameters nicely with tabs. Unfortunately, this was taken advantage of for data exfiltration via HTML injection and we no longer have this nice thing as URL parsers have been made more strict to prevent this kind of attack. Does anyone have a source/reference for this? |
|
|