Message237106
Do you think it would be enough to ensure the urlparse() result remembers whether the empty “//” was present or not? In other words, something like the following mockup (based on the Issue 22852 proposal). An example vunerable program would help me understand this as well.
>>> urlparse("////evil.com")
ParseResult(scheme="", netloc="", has_netloc=True, path="//evil.com", ...)
>>> urlunparse(_)
"////evil.com"
Or would we still need special handling of a path that starts with a double slash despite that; either URL-encoding the second slash, or maybe just raising an exception? Consider that the components are already supposed to be URL-encoded, and you can still generate unexpected valid URLs by giving other invalid components, such as
>>> urlunparse(("", "netloc/with/path", "/more/path", "", "", ""))
'//netloc/with/path/more/path' |
|
Date |
User |
Action |
Args |
2015-03-03 05:16:51 | martin.panter | set | recipients:
+ martin.panter, orsenthil, pitrou, vstinner, benjamin.peterson, python-dev, soilandreyes, yaaboukir |
2015-03-03 05:16:51 | martin.panter | set | messageid: <1425359811.66.0.522847300609.issue23505@psf.upfronthosting.co.za> |
2015-03-03 05:16:51 | martin.panter | link | issue23505 messages |
2015-03-03 05:16:51 | martin.panter | create | |
|