Message 333758 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xtreak
Recipients	christian.heimes, martin.panter, nsonaniya2010, orsenthil, xtreak
Date	2019-01-16.10:32:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1547634723.37.0.302554574427.issue35748@roundup.psfhosted.org>
In-reply-to

Content
I just tested other implementations in Ruby and Go and they too return host as "evil.com" for "http://www.google.com@evil.com" along with the user info component. $ ruby -e 'require "uri"; puts URI("http://www.google.com@evil.com").hostname' evil.com $ cat /tmp/foo.go package main import ( "fmt" "net/url" ) func main() { u, _ := url.Parse(`http://www.google.com@evil.com`) fmt.Println(u.Host); fmt.Println(u.User); } $ go run /tmp/foo.go evil.com www.google.com

I just tested other implementations in Ruby and Go and they too return host as "evil.com" for "http://www.google.com@evil.com" along with the user info component.

$ ruby -e 'require "uri"; puts URI("http://www.google.com@evil.com").hostname'
evil.com
$ cat /tmp/foo.go
package main

import (
	"fmt"
	"net/url"
)

func main() {
	u, _ := url.Parse(`http://www.google.com@evil.com`)
	fmt.Println(u.Host);
	fmt.Println(u.User);
}
$ go run /tmp/foo.go
evil.com
www.google.com

History
Date	User	Action	Args
2019-01-16 10:32:05	xtreak	set	recipients: + xtreak, orsenthil, christian.heimes, martin.panter, nsonaniya2010
2019-01-16 10:32:03	xtreak	set	messageid: <1547634723.37.0.302554574427.issue35748@roundup.psfhosted.org>
2019-01-16 10:32:03	xtreak	link	issue35748 messages
2019-01-16 10:32:03	xtreak	create