Gregory P. Smith <g...@krypto.org> added the comment:
I've merged Idan's PR adding a strict_mode parameter to a2b_base64. It defaults to False for backwards compatibility. >From a security perspective, it'd be _ideal_ if this were True. But I expect >doing that would break a bunch of existing code and tests that has been >relying on some of the former leniency behaviors so I recommended the >conservative approach of the old-behavior default. It'd be a good thing to >change it to True, but disruptive. We need motivating reason to do that. As it is a new feature due to the new parameter, this is for 3.11. Workaround for Pythons without this: do a validity check before calling a2b_base64. I suspect a regex could be constructed for that if you're careful. If you come up with one, please share it here. ---------- components: +Extension Modules resolution: -> fixed stage: patch review -> commit review status: open -> closed versions: +Python 3.11 -Python 3.10 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43086> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
