[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran
report at bugs.python.org
Sun Apr 25 10:53:44 EDT 2021
Senthil Kumaran <senthil at uthcode.com> added the comment:
I have added a PR to remove ascii newlines and tabs from URL input. It is as per the WHATWG spec.
However, I still like to research more and find out if this isn't introducing behavior that will break existing systems. It should also be aligned the decisions we have made with previous related bug reports.
Please review.
----------
stage: patch review -> needs patch
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43882>
_______________________________________
More information about the Python-bugs-list
mailing list