Karthikeyan Singaravelan <tir.kar...@gmail.com> added the comment:
IMO it does qualify as a security issue. In case of urllib to be lenient and can be exploited it's good to document like tarfile and xml modules that have a warning about untrusted data potentially causing issues and perhaps link to a url validator that adheres to RFC in pypi. I would expect stdlib to handle this but in case it's not handled due to backwards compatibility and potential regressions a warning could be made about the same in the docs noting down the responsibility of the functions and that they are not always safe against malicious data. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue30458> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
