Message341286
IMO it does qualify as a security issue. In case urllib is to be lenient and can be exploited, it's good to document it, like the tarfile and xml modules that have a warning about untrusted data potentially causing issues, and perhaps link to a URL validator on PyPI that adheres to the RFC. I would expect the stdlib to handle this, but in case it's not handled due to backwards compatibility and potential regressions, a warning could be made about the same in the docs, noting down the responsibility of the functions and that they are not always safe against malicious data.

| Date | User | Action | Args |
|---|---|---|---|
| 2019-05-02 16:58:20 | xtreak | set | recipients: + xtreak, gregory.p.smith, vstinner, martin.panter, serhiy.storchaka, xiang.zhang, orange, miss-islington, ware |
| 2019-05-02 16:58:20 | xtreak | set | messageid: <1556816300.15.0.353892978786.issue30458@roundup.psfhosted.org> |
| 2019-05-02 16:58:20 | xtreak | link | issue30458 messages |
| 2019-05-02 16:58:19 | xtreak | create | |