Which leads to sending improper, broken headers, injections and redirects not
working accordingly.
Location field's value should follow RFC2616 as far as I'm aware.
http://www.ietf.org/rfc/rfc2616.txt
This basically means that every special non-ASCII byte and not a control
character should be URL encoded (percent encoded). This would take care about
URL encoding, but also proper sanitation.
Original issue reported on code.google.com by jukka.m.svahn on 2 Dec 2012 at 9:30
Original issue reported on code.google.com by
jukka.m.svahn
on 2 Dec 2012 at 9:30