Message397773
I've merged Idan's PR adding a strict_mode parameter to a2b_base64. It defaults to False for backwards compatibility.
From a security perspective, it'd be _ideal_ if this were True. But I expect doing that would break a bunch of existing code and tests that has been relying on some of the former leniency behaviors so I recommended the conservative approach of the old-behavior default. It'd be a good thing to change it to True, but disruptive. We need motivating reason to do that.
As it is a new feature due to the new parameter, this is for 3.11.
Workaround for Pythons without this: do a validity check before calling a2b_base64. I suspect a regex could be constructed for that if you're careful. If you come up with one, please share it here. |
|
Date |
User |
Action |
Args |
2021-07-19 00:56:06 | gregory.p.smith | set | recipients:
+ gregory.p.smith, eric.smith, python-dev, idan22moral |
2021-07-19 00:56:06 | gregory.p.smith | set | messageid: <1626656166.95.0.0287592840228.issue43086@roundup.psfhosted.org> |
2021-07-19 00:56:06 | gregory.p.smith | link | issue43086 messages |
2021-07-19 00:56:06 | gregory.p.smith | create | |
|