[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Michał Górny
report at bugs.python.org
Tue May 4 06:57:39 EDT 2021
Michał Górny <mgorny at gentoo.org> added the comment:
I hate to be the bearer of bad news but I've already found this change to be breaking tests of botocore and django. In both cases, the test failure is apparently because upstream used to reject URLs after finding newlines in the split components, and now they're silently stripped away.
Filed bugs:
https://github.com/boto/botocore/issues/2377
https://code.djangoproject.com/ticket/32713
Note that I'm not saying the change should be reverted.
----------
nosy: +mgorny
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43882>
_______________________________________
More information about the Python-bugs-list
mailing list