MCPcopy Index your code
hub / github.com/codeaashu/claude-code / sanitizeHeaderValue

Function sanitizeHeaderValue

src/utils/hooks/execHttpHook.ts:76–79  ·  view source on GitHub ↗

* Strip CR, LF, and NUL bytes from a header value to prevent HTTP header * injection (CRLF injection) via env var values or hook-configured header * templates. A malicious env var like "token\r\nX-Evil: 1" would otherwise * inject a second header into the request.

(value: string)

Source from the content-addressed store, hash-verified

74 * inject a second header into the request.
75 */
76function sanitizeHeaderValue(value: string): string {
77 // eslint-disable-next-line no-control-regex
78 return value.replace(/[\r\n\x00]/g, '')
79}
80
81/**
82 * Interpolate $VAR_NAME and ${VAR_NAME} patterns in a string using process.env,

Callers 1

interpolateEnvVarsFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected