Message342336
The issue is not about whether "file://" schema or not.
It's about the fact that urllib on Python 2 has two schemas that allow local file access. There is the well-known "file://" schema and there is the implementation artifact "local_file://". A careful, security-minded developer knows about the file:// schema and also knows how to block it. But the "local_file://" schema is a surprising side-effect of the implementation. |
|
Date |
User |
Action |
Args |
2019-05-13 14:53:28 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, martin.panter, matrixise, cstratak, xtreak, push0ebp, ware |
2019-05-13 14:53:28 | christian.heimes | set | messageid: <1557759208.84.0.84753771031.issue35907@roundup.psfhosted.org> |
2019-05-13 14:53:28 | christian.heimes | link | issue35907 messages |
2019-05-13 14:53:28 | christian.heimes | create | |
|