Author christian.heimes
Recipients christian.heimes, cstratak, martin.panter, matrixise, push0ebp, vstinner, ware, xtreak
Date 2019-05-13.14:53:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1557759208.84.0.84753771031.issue35907@roundup.psfhosted.org>
In-reply-to
Content
The issue is not about whether "file://" schema or not.

It's about the fact that urllib on Python 2 has two schemas that allow local file access. There is the well-known "file://" schema and there is the implementation artifact "local_file://". A careful, security-minded developer knows about the file:// schema and also knows how to block it. But the "local_file://" schema is a surprising side-effect of the implementation.
History
Date User Action Args
2019-05-13 14:53:28christian.heimessetrecipients: + christian.heimes, vstinner, martin.panter, matrixise, cstratak, xtreak, push0ebp, ware
2019-05-13 14:53:28christian.heimessetmessageid: <1557759208.84.0.84753771031.issue35907@roundup.psfhosted.org>
2019-05-13 14:53:28christian.heimeslinkissue35907 messages
2019-05-13 14:53:28christian.heimescreate