Talk:HTTP Response Splitting

I think the example code isn't actually vulnerable. The libraries appear to automatically escape the input.