New submission from STINNER Victor: I propose to add new input_type and output_type to CodecInfo. These attributes would only be defined for base64, hex, ... codecs which are not the classic encode: str=>bytes, decode: bytes=>str codecs.
I also propose to modify str.encode() and bytes.encode() to only accept codecs using the right types. If the type doesn't match, the codec raises a LookupError. This issue should avoid the denial of service attack when a compression codec is used, see: https://mail.python.org/pipermail/python-dev/2013-November/130188.html ---------- messages: 202996 nosy: haypo, lemburg, ncoghlan, serhiy.storchaka priority: normal severity: normal status: open title: Blacklist base64, hex, ... codecs from bytes.decode() and str.encode() versions: Python 3.4 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19619> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
