Message342363
If developers allow only http:// or https:// as a whitelist, there is no problem.
But if someone blocks only file://, an attacker can bypass it.
This issue may provide attackers with a bypassing method as a new scheme.

| Date | User | Action | Args |
|---|---|---|---|
| 2019-05-13 17:10:33 | push0ebp | set | recipients: + push0ebp, vstinner, christian.heimes, martin.panter, matrixise, cstratak, xtreak, ware |
| 2019-05-13 17:10:33 | push0ebp | set | messageid: <1557767433.68.0.105053377437.issue35907@roundup.psfhosted.org> |
| 2019-05-13 17:10:33 | push0ebp | link | issue35907 messages |
| 2019-05-13 17:10:33 | push0ebp | create | |
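
The two checks the message contrasts, as an added example that is not part of the original message or of CPython. The function names, the sample URLs and the `example-scheme` scheme are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
BLOCKED_SCHEMES = frozenset({"file"})  # the "block only file://" approach


def blocklist_permits(url: str) -> bool:
    """Weak check: rejects only the schemes someone thought to list."""
    return urlsplit(url).scheme not in BLOCKED_SCHEMES


def allowlist_permits(url: str) -> bool:
    """Strict check: accepts only http/https URLs that name a host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input, e.g. an unclosed IPv6 bracket
        return False
    # urlsplit lower-cases the scheme, so "HTTPS" and "https" compare equal.
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


# Constructed sample inputs.
SAMPLES = [
    "https://example.org/index.html",   # ordinary web URL
    "file:///etc/hostname",             # the scheme the blocklist knows about
    "FILE:///etc/hostname",             # same scheme, different case
    "example-scheme:///etc/hostname",   # any scheme the blocklist never listed
    "/etc/hostname",                    # no scheme at all
    "http:///no-host",                  # allowed scheme but no host
]


def compare(urls):
    """Return (url, blocklist verdict, allowlist verdict) for each URL."""
    return [(u, blocklist_permits(u), allowlist_permits(u)) for u in urls]


if __name__ == "__main__":
    for url, weak, strict in compare(SAMPLES):
        print(f"{url:35} blocklist={weak!s:5} allowlist={strict}")
```

Any scheme absent from the blocklist passes the weak check, while the allowlist rejects everything it was not told to accept, including schemes added to a URL handler later.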