From f0fadd520981ef43f1aee209c412e2583431bf57 Mon Sep 17 00:00:00 2001 From: Nils Goroll Date: Wed, 16 Sep 2020 19:53:36 +0200 Subject: [PATCH] Add notice for metadata value validation (#161) --- protocol.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/protocol.md b/protocol.md index d74a8a0..047a8e5 100644 --- a/protocol.md +++ b/protocol.md @@ -330,6 +330,10 @@ ASCII encoded and the value MUST be Base64 encoded. All keys MUST be unique. The value MAY be empty. In these cases, the space, which would normally separate the key and the value, MAY be left out. +Since metadata can contain arbitrary binary values, Servers SHOULD +carefully validate metadata values or sanitize them before using them +as header values to avoid header smuggling. + #### Requests ##### POST
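Review bot: The new paragraph in the `@@ -330,6 +330,10 @@` hunk tells Servers they SHOULD "carefully validate metadata values or sanitize them" but gives implementers nothing concrete to check. Because the context line above requires values to be Base64 encoded, the text should say that the risk lies in the decoded value. It should also name the minimum check: reject or strip CR, LF and other control characters before a decoded value is used as a header value. Consider extending the notice to keys as well. The context only requires them to be ASCII encoded, and ASCII includes CR and LF, so a key copied into a header carries the same risk.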