Martin Panter <vadmium...@gmail.com> added the comment:

Maybe related to Victor's "Issue 1" described in Issue 32085. That is also a 
security bug about CRLF in the URL's path, but was opened before Issue 30500 
was opened and the code changed, so I'm not sure if it is the same as this or 
not.

Also there is Issue 13359, a proposal to automatically percent-encode invalid 
URLs. For a security fix, I'm not sure but it might be safer to raise an 
exception, rather than rewriting the invalid URL to a valid one.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue35906>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to