This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients benjamin.peterson, martin.panter, orsenthil, pitrou, python-dev, soilandreyes, vstinner, yaaboukir
Date 2015-03-02.23:54:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> This can be practically exploited this way :

Can you please elaborate on the "exploit" part? 

In Firefox, the "////etc/passwd" link shows me my local file /etc/passwd. Ok, but how is it an issue?

"//etc/passwd" also shows me file:////etc/passwd.

The OWASP article on Open Redirect shows example to redirect to a different website. Can you should an example how redirect to a website and not a file:// URL?
Date User Action Args
2015-03-02 23:54:15vstinnersetrecipients: + vstinner, orsenthil, pitrou, benjamin.peterson, python-dev, martin.panter, soilandreyes, yaaboukir
2015-03-02 23:54:15vstinnersetmessageid: <>
2015-03-02 23:54:15vstinnerlinkissue23505 messages
2015-03-02 23:54:15vstinnercreate