[issue23505] Urlparse insufficient validation leads to open redirect

Martin Panter report at bugs.python.org
Mon Jul 30 09:15:46 EDT 2018


Martin Panter <vadmium+py at gmail.com> added the comment:

Issue 34276 was opened about a similar case for “file:” URLs. I believe both “file:” scheme and no-scheme cases are a regression and could be fixed by adding another pair of slashes (an empty “netloc” part):

>>> urlparse("////foo.com")  # No change
ParseResult(scheme='', netloc='', path='//foo.com', params='', query='', fragment='')
>>> urlunparse(_)  # Knows to escape slashes with another double-slash
'////foo.com'

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue23505>
_______________________________________
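
The round trip described in the comment above, as an added example (not code from the tracker or from CPython): unsplit_roundtrip_safe() re-inserts the empty netloc when the running interpreter's urlunsplit() omits it, and is_local_redirect() is a hypothetical check that refuses such targets before they are used in a redirect. All function names and the sample URLs are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def unsplit_roundtrip_safe(parts):
    """urlunsplit(), plus the empty-netloc '//' the comment proposes."""
    url = urlunsplit(parts)
    if not parts.netloc and parts.path.startswith("//") and urlsplit(url).netloc:
        # This interpreter dropped the empty authority, so the leading '//'
        # of the path would be re-read as a host. Put the extra pair back.
        prefix = parts.scheme + ":" if parts.scheme else ""
        url = prefix + "//" + url[len(prefix):]
    return url


def reserialize(url):
    """Parse, then rebuild, without letting the path turn into a netloc."""
    return unsplit_roundtrip_safe(urlsplit(url))


def is_local_redirect(target):
    """Hypothetical allow-check for a redirect target supplied by a client."""
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    # Exactly one leading slash: a path of '//host' has an empty netloc here
    # but can become the network-path reference '//host' once it is rebuilt.
    return parts.path.startswith("/") and not parts.path.startswith("//")


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("////foo.com", "file:////foo.com", "/account?tab=1"):
        print(sample, "->", reserialize(sample), is_local_redirect(sample))
```
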

