Martin Panter added the comment:
Do you think it would be enough to ensure the urlparse() result remembers
whether the empty “//” was present or not? In other words, something like the
following mockup (based on the Issue 22852 proposal). An example vunerable
program would help me understand this as well.
>>> urlparse("////evil.com")
ParseResult(scheme="", netloc="", has_netloc=True, path="//evil.com", ...)
>>> urlunparse(_)
"////evil.com"
Or would we still need special handling of a path that starts with a double
slash despite that; either URL-encoding the second slash, or maybe just raising
an exception? Consider that the components are already supposed to be
URL-encoded, and you can still generate unexpected valid URLs by giving other
invalid components, such as
>>> urlunparse(("", "netloc/with/path", "/more/path", "", "", ""))
'//netloc/with/path/more/path'
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
