The user-id part of the basic authentication header value should
not contain control characters. This should be validated and
handled accordingly.
RFC 7617 The 'Basic' HTTP Authentication Scheme
Section 2. The 'Basic' Authentication Scheme states [0]
The user-id and password MUST NOT contain any control characters (see
"CTL" in Appendix B.1 of [RFC5234]).
RFC 5234Augmented BNF for Syntax Specifications: ABNF
Appendix B.1. Core Rules states
CTL = %x00-1F / %x7F
; controls
[0] https://datatracker.ietf.org/doc/html/rfc7617#section-2
[1] https://datatracker.ietf.org/doc/html/rfc5234#appendix-B.1
The user-id part of the basic authentication header value should
not contain control characters. This should be validated and
handled accordingly.
RFC 7617 The 'Basic' HTTP Authentication Scheme
Section 2. The 'Basic' Authentication Scheme states [0]
RFC 5234Augmented BNF for Syntax Specifications: ABNF
Appendix B.1. Core Rules states
[0] https://datatracker.ietf.org/doc/html/rfc7617#section-2
[1] https://datatracker.ietf.org/doc/html/rfc5234#appendix-B.1