CRLF injection is a specific way of injecting malicious code into an application. The main element of the attack is to inject “Carriage Return” (CR) and/or “Line Feed” (LF) characters into any kind of output. This injection is possible if a targeted application does not properly sanitize and neutralize all user-supplied data. One example of such an attack is “HTTP response splitting“.