[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran
report at bugs.python.org
Wed Feb 10 10:40:33 EST 2021
Senthil Kumaran <senthil at uthcode.com> added the comment:
Sorry for that, Ned. I will take a decision on this by Saturday (13-Feb).
I did some research, but could come way conclusively. I have not heard any opinions (+ves or -ves) on this. This will be a breaking change, so necessary to support it with documentation, alerts etc.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42967>
_______________________________________
More information about the Python-bugs-list
mailing list