Re: [Django] #34380: URLField assumes http

2023-03-02 Thread Django 
#34380: URLField assumes http
-+-
 Reporter:  Coen van der Kamp|Owner:  nobody
 Type:   |   Status:  new
  Cleanup/optimization   |
Component:  Forms|  Version:  4.1
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Coen van der Kamp):

 * has_patch:  0 => 1


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070186a49091b7-e55ba6d5-3508-4b2a-b7da-7c128916e1f9-00%40eu-central-1.amazonses.com.

Re: [Django] #34380: URLField assumes http

2023-03-02 Thread Django 
#34380: URLField assumes http
-+-
 Reporter:  Coen van der Kamp|Owner:  nobody
 Type:   |   Status:  new
  Cleanup/optimization   |
Component:  Forms|  Version:  4.1
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Coen van der Kamp):

 I've opened a pull request. And am happy to adjust if needed.
 https://github.com/django/django/pull/16614

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070186a48375e1-461df31d-5ee4-4e47-899e-f01d8bb033c1-00%40eu-central-1.amazonses.com.

[Django] #34380: URLField assumes http

2023-03-02 Thread Django 
#34380: URLField assumes http
+
   Reporter:  Coen van der Kamp |  Owner:  nobody
   Type:  Cleanup/optimization  | Status:  new
  Component:  Forms |Version:  4.1
   Severity:  Normal|   Keywords:
   Triage Stage:  Unreviewed|  Has patch:  0
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+
 In `django.forms.fields.URLField.to_python` the assumption is made that
 the `http` (no S) is a good default scheme for URLs that do not specify a
 scheme when submitted.

 Entering `example.com` in a URLField will give `http://example.com` as
 cleaned data.

 Ref:
 https://github.com/django/django/blame/main/django/forms/fields.py#L772-L774

 I think URLField should assume the safe option `https`.

 I've notified the security team, and they didn't see this as a security
 issue.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070186a47e3d34-fce0e3d7-275c-4221-ba50-01946579385f-00%40eu-central-1.amazonses.com.