Simon Willison’s Weblog

Response Splitting Risk. Important reminder that you should always ensure strings used in HTTP headers don’t contain newlines.

Posted 19th October 2008 at 11:58 pm

Recent articles

JustHTML is a fascinating example of vibe engineering in action - 14th December 2025
OpenAI are quietly adopting skills, now available in ChatGPT and Codex CLI - 12th December 2025
GPT-5.2 - 11th December 2025

http 99 rails 74 responsesplitting 1 security 569

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe