On Windows-based systems, the sequence of two ASCII characters representing a line break in text files is called "Carriage Return, Line Feed," or CRLF. For example, when composing an email in Microsoft Outlook, pressing Enter inserts a CRLF sequence, which transmits as part of the email message to indicate the end of one line and the beginning of a new one.
LF, on the other hand, is a single ASCII character representing a line break on Unix-based systems, including Linux and macOS. The only differentiation between CRLF versus LF is the operating system you use to open the text file. When an LF sequence represents a line break in a Unix-based system, it will be replaced by CRLF when you open the text file on a Windows-based system.
A CRLF injection is a type of web application attack involving the insertion of malicious CRLF sequences into input fields or HTTP headers to manipulate web application behavior or bypass security controls. For example, an attacker might use a CRLF injection to add a fraudulent entry into a user’s comment section on a website, leading to misinformation or potential data breaches.
You can reduce the risk of CRLF injection attacks by validating user input and data, encoding and filtering special characters in HTTP requests and responses, using HTML and URL encoding, implementing security controls, and keeping software and security patches up to date.