Message294694
I think the best behavior is to do what popular web browsers do. Chrome and Firefox, for example, parses this is host 127.0.0.1, path /, fragment #@evil.com.
If the code does want to support username/password, it should do a custom opener (with basic HTTP authentication) instead. |
|
Date |
User |
Action |
Args |
2017-05-29 13:24:14 | Nam.Nguyen | set | recipients:
+ Nam.Nguyen, martin.panter |
2017-05-29 13:24:14 | Nam.Nguyen | set | messageid: <1496064254.91.0.606557680521.issue30500@psf.upfronthosting.co.za> |
2017-05-29 13:24:14 | Nam.Nguyen | link | issue30500 messages |
2017-05-29 13:24:14 | Nam.Nguyen | create | |
|