Message333758
I just tested other implementations in Ruby and Go and they too return host as "evil.com" for "http://www.google.com@evil.com" along with the user info component.
$ ruby -e 'require "uri"; puts URI("http://www.google.com@evil.com").hostname'
evil.com
$ cat /tmp/foo.go
package main
import (
"fmt"
"net/url"
)
func main() {
u, _ := url.Parse(`http://www.google.com@evil.com`)
fmt.Println(u.Host);
fmt.Println(u.User);
}
$ go run /tmp/foo.go
evil.com
www.google.com |
|
Date |
User |
Action |
Args |
2019-01-16 10:32:05 | xtreak | set | recipients:
+ xtreak, orsenthil, christian.heimes, martin.panter, nsonaniya2010 |
2019-01-16 10:32:03 | xtreak | set | messageid: <1547634723.37.0.302554574427.issue35748@roundup.psfhosted.org> |
2019-01-16 10:32:03 | xtreak | link | issue35748 messages |
2019-01-16 10:32:03 | xtreak | create | |
|