Author xtreak
Recipients demian.brecht, gvanrossum, martin.panter, orsenthil, serhiy.storchaka, vstinner, xtreak, yselivanov
Date 2019-03-27.16:16:05
See also issue36338 for a possible security issue for host of value "[]" (spam[::1] format) where is parsed as the host name assuming presence of [ and ] to be an IPv6 address without validation of the value inside [] to be a valid IPv6 address.

As a data point, input "http://[::1]spam" raises an exception in Java, golang and Ruby. The browser's JS console returns invalid URL. I too would like an exception to be raised, but I am not sure at which level.

Ruby seems to use a regex :
Java parseurl :
golang :

See also

If input starts with U+005B ([), then:

    If input does not end with U+005D (]), validation error, return failure.

    Return the result of IPv6 parsing input with its leading U+005B ([) and trailing U+005D (]) removed.

Date                 User    Action  Args
2019-03-27 16:16:05  xtreak  set     recipients: + xtreak, gvanrossum, orsenthil, vstinner, martin.panter, serhiy.storchaka, yselivanov, demian.brecht
2019-03-27 16:16:05  xtreak  set     messageid: <>
2019-03-27 16:16:05  xtreak  link    issue20271 messages
2019-03-27 16:16:05  xtreak  create
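
The two quoted steps applied to the inputs discussed in the message, as an added Python example (not code from the tracker, the message author or CPython's urllib). The helper names, the hand-rolled authority split and the sample URLs are assumptions of this sketch, and IPv6 parsing is delegated to the standard `ipaddress` module rather than to the algorithm the quoted text refers to.

```python
import ipaddress
import re

def split_hostport(netloc):
    """Split 'host[:port]'; a ':' between '[' and ']' belongs to the host."""
    in_brackets = False
    for i, ch in enumerate(netloc):
        if ch in "[]":
            in_brackets = ch == "["
        elif ch == ":" and not in_brackets:
            return netloc[:i], netloc[i + 1:]
    return netloc, ""

def parse_host(host):
    """Apply the quoted bracket rule; raise ValueError on a validation error."""
    if host.startswith("["):
        if not host.endswith("]"):
            raise ValueError(f"host starts with '[' but does not end with ']': {host!r}")
        try:
            return ipaddress.IPv6Address(host[1:-1])
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"not an IPv6 address inside brackets: {exc}") from None
    # Assumption beyond the quoted steps: a bracket anywhere else in the host
    # is rejected too, which covers the "spam[::1]" form.
    if "[" in host or "]" in host:
        raise ValueError(f"stray bracket in host: {host!r}")
    return host

def url_host(url):
    """Extract and validate the host of an absolute 'scheme://...' URL."""
    rest = url.partition("://")[2]
    netloc = re.split(r"[/?#]", rest, maxsplit=1)[0].rpartition("@")[2]
    return parse_host(split_hostport(netloc)[0])

def accepted(url):
    """True when the host validates, False on a validation error."""
    try:
        url_host(url)
    except ValueError:
        return False
    return True

# Constructed sample inputs; the third is the one from the message.
SAMPLES = ["http://[::1]/", "http://[::1]:8080/x", "http://[::1]spam",
           "http://spam[::1]/", "http://[]/", "http://example.com:80/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:26} {'ok' if accepted(u) else 'rejected'}")
```

Because the port separator is only recognised outside the brackets, "[::1]spam" reaches `parse_host` as a single host string and fails the "does not end with ]" step instead of being truncated to "::1".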