Diffstat (limited to 'Doc/library/http.server.rst')
-rw-r--r-- Doc/library/http.server.rst 9
1 files changed, 9 insertions, 0 deletions
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index 4aa10e2..94647e9 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -499,3 +499,12 @@ Security Considerations
:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
requests, this makes it possible for files outside of the specified directory
to be served.
+
+Earlier versions of Python did not scrub control characters from the
+log messages emitted to stderr from ``python -m http.server`` or the
+default :class:`BaseHTTPRequestHandler` ``.log_message``
+implementation. This could allow remote clients connecting to your
+server to send nefarious control codes to your terminal.
+
+.. versionadded:: 3.9.16
+ scrubbing control characters from log messages
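
Review bot: The directive closing this hunk, `.. versionadded:: 3.9.16`, marks a change in the behaviour of an existing method rather than a new API, so `.. versionchanged:: 3.9.16` is the directive that fits. The added paragraph also only says what earlier versions did not do. It should state the present behaviour positively (that the default ``.log_message`` scrubs control characters before writing to stderr) and say whether a handler that overrides ``.log_message`` is covered, since the text names only the default implementation. "Nefarious control codes" could be made concrete as well, for example by naming terminal escape sequences, so readers know what to look for in their own logging paths.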