This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author martin.panter
Recipients PaulMcMillan, benjamin.peterson, christian.heimes, martin.panter, orsenthil, pitrou, python-dev, soilandreyes, vstinner, yaaboukir
Date 2016-09-24.23:24:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1474759477.92.0.0583445036643.issue23505@psf.upfronthosting.co.za>
In-reply-to
Content 
It is not clear what Yassine’s bug is. Maybe it is about round-tripping from urlparse() → urlunparse(). If so, it could be solved by fixing either of the following two problems:

1. urlunparse() forgets the initial pair of slashes when netloc="". That might be addressed by Issue 22852, and documented as a limitation in the mean time.

2. urlunparse() accepts invalid components, such as netloc="", path="//evil.com", which transforms the path into a hostname. Yassine preferred to percent-encode the path and pass it through, though I think an exception would be more sensible. Or just documenting that there is little or no validation.

When considering the second problem of validation, you have to be aware that urlunparse() is documented to handle schemes like “mailto:” not listed in “uses_netloc”. According to RFC 6068, mailto://evil.com is valid syntax, and is decoded to netloc="", path="//evil.com". In this case, netloc="evil.com" would probably be invalid instead.
History
Date User Action Args
2016-09-24 23:24:37martin.pantersetrecipients: + martin.panter, orsenthil, pitrou, vstinner, christian.heimes, benjamin.peterson, python-dev, PaulMcMillan, soilandreyes, yaaboukir
2016-09-24 23:24:37martin.pantersetmessageid: <1474759477.92.0.0583445036643.issue23505@psf.upfronthosting.co.za>
2016-09-24 23:24:37martin.panterlinkissue23505 messages
2016-09-24 23:24:37martin.pantercreate