Author xtreak
Recipients gregory.p.smith, martin.panter, miss-islington, orange, serhiy.storchaka, vstinner, ware, xiang.zhang, xtreak
Date 2019-05-02.16:58:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1556816300.15.0.353892978786.issue30458@roundup.psfhosted.org>
In-reply-to
Content
IMO it does qualify as a security issue. In case of urllib to be lenient and can be exploited it's good to document like tarfile and xml modules that have a warning about untrusted data potentially causing issues and perhaps link to a url validator that adheres to RFC in pypi. I would expect stdlib to handle this but in case it's not handled due to backwards compatibility and potential regressions a warning could be made about the same in the docs noting down the responsibility of the functions and that they are not always safe against malicious data.
History
Date User Action Args
2019-05-02 16:58:20xtreaksetrecipients: + xtreak, gregory.p.smith, vstinner, martin.panter, serhiy.storchaka, xiang.zhang, orange, miss-islington, ware
2019-05-02 16:58:20xtreaksetmessageid: <1556816300.15.0.353892978786.issue30458@roundup.psfhosted.org>
2019-05-02 16:58:20xtreaklinkissue30458 messages
2019-05-02 16:58:19xtreakcreate