This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients benjamin.peterson, martin.panter, orsenthil, pitrou, python-dev, soilandreyes, vstinner, yaaboukir
Date 2015-03-03.00:11:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
>>> urlparse("//")
ParseResult(scheme='', netloc='', path='', params='', query='', fragment='')

I see in the netloc field, ok. But Firefox doesn't use Python to parse and url, and typing // in the address bar converts the address to file://// Not a website, but a local file.

So I don't understand the redirection part. Could you maybe write a vulnerable CGI script to demonstrate the bug?

I wrote the following HTML file to try to understand the bug, but I was only able to show the content of my local file /etc/issue:

    <META http-equiv="refresh" content="5;URL=////etc/issue">
<p><a href="////etc/issue">issue</a></p>
Date User Action Args
2015-03-03 00:11:47vstinnersetrecipients: + vstinner, orsenthil, pitrou, benjamin.peterson, python-dev, martin.panter, soilandreyes, yaaboukir
2015-03-03 00:11:47vstinnersetmessageid: <>
2015-03-03 00:11:47vstinnerlinkissue23505 messages
2015-03-03 00:11:47vstinnercreate