[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Mike Lissner
report at bugs.python.org
Tue May 4 16:16:12 EDT 2021
Mike Lissner <mlissner at michaeljaylissner.com> added the comment:
I haven't watched that Blackhat presentation yet, but from the slides, it seems like the fix is to get all languages parsing URLs the same as the browsers. That's what @orsenthil has been doing here and plans to do in https://bugs.python.org/issue43883.
Should we get a bug filed with requests/urllib3 too? Seems like a good idea if it suffers from the same problems.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43882>
_______________________________________
More information about the Python-bugs-list
mailing list