This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author apollo13
Recipients Mike.Lissner, apollo13, gregory.p.smith, lukasz.langa, mgorny, miss-islington, orsenthil, sethmlarson, xtreak
Date 2021-05-05.13:52:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620222728.68.0.973893151621.issue43882@roundup.psfhosted.org>
In-reply-to
Content 
Thank you for the kind words Michał. We (Django) are exactly in the position that you describe. Our validation, at least for now has to stay strict, exactly to prevent fallout further down the road (see https://github.com/django/django/pull/14349#pullrequestreview-652022529 for details).

Sure, we might have been a bit naive when relying on urllib.parse for parts of our validation routines, but this is why we have tests for this behavior. We can easily work around this fix and will issue a release shortly to prevent security issues for users on newer Python versions. But no matter how the Python code ends up in the long run, our validator (at least this specific class) cannot simply accept new URLs because a spec changed. We owe it to our users to keep in mind that relaxing the validation can cause other issues down the road.
History
Date User Action Args
2021-05-05 13:52:08apollo13setrecipients: + apollo13, gregory.p.smith, orsenthil, lukasz.langa, mgorny, Mike.Lissner, miss-islington, xtreak, sethmlarson
2021-05-05 13:52:08apollo13setmessageid: <1620222728.68.0.973893151621.issue43882@roundup.psfhosted.org>
2021-05-05 13:52:08apollo13linkissue43882 messages
2021-05-05 13:52:08apollo13create