Author xtreak
Recipients christian.heimes, martin.panter, nsonaniya2010, orsenthil, xtreak
Date 2019-01-16.10:32:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1547634723.37.0.302554574427.issue35748@roundup.psfhosted.org>
In-reply-to
Content
I just tested other implementations in Ruby and Go and they too return host as "evil.com" for "http://www.google.com@evil.com" along with the user info component.

$ ruby -e 'require "uri"; puts URI("http://www.google.com@evil.com").hostname'
evil.com
$ cat /tmp/foo.go
package main

import (
	"fmt"
	"net/url"
)

func main() {
	u, _ := url.Parse(`http://www.google.com@evil.com`)
	fmt.Println(u.Host);
	fmt.Println(u.User);
}
$ go run /tmp/foo.go
evil.com
www.google.com
History
Date User Action Args
2019-01-16 10:32:05xtreaksetrecipients: + xtreak, orsenthil, christian.heimes, martin.panter, nsonaniya2010
2019-01-16 10:32:03xtreaksetmessageid: <1547634723.37.0.302554574427.issue35748@roundup.psfhosted.org>
2019-01-16 10:32:03xtreaklinkissue35748 messages
2019-01-16 10:32:03xtreakcreate