Message 342336 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, cstratak, martin.panter, matrixise, push0ebp, vstinner, ware, xtreak
Date	2019-05-13.14:53:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1557759208.84.0.84753771031.issue35907@roundup.psfhosted.org>
In-reply-to

Content
The issue is not about whether "file://" schema or not. It's about the fact that urllib on Python 2 has two schemas that allow local file access. There is the well-known "file://" schema and there is the implementation artifact "local_file://". A careful, security-minded developer knows about the file:// schema and also knows how to block it. But the "local_file://" schema is a surprising side-effect of the implementation.

The issue is not about whether "file://" schema or not.

It's about the fact that urllib on Python 2 has two schemas that allow local file access. There is the well-known "file://" schema and there is the implementation artifact "local_file://". A careful, security-minded developer knows about the file:// schema and also knows how to block it. But the "local_file://" schema is a surprising side-effect of the implementation.

History
Date	User	Action	Args
2019-05-13 14:53:28	christian.heimes	set	recipients: + christian.heimes, vstinner, martin.panter, matrixise, cstratak, xtreak, push0ebp, ware
2019-05-13 14:53:28	christian.heimes	set	messageid: <1557759208.84.0.84753771031.issue35907@roundup.psfhosted.org>
2019-05-13 14:53:28	christian.heimes	link	issue35907 messages
2019-05-13 14:53:28	christian.heimes	create