[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Éric Araujo
report at bugs.python.org
Sat Jan 23 17:28:26 EST 2021
Éric Araujo <merwok at netwok.org> added the comment:
The difference is that semicolon is defined in a previous specification.
I don’t see this change as providing support for custom delimiters in URL parsing, but offering an option to pick between two specifications.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42967>
_______________________________________
More information about the Python-bugs-list
mailing list