STINNER Victor <vstin...@redhat.com> added the comment:
Maybe webbrowser must be changed to become *very strict*. For example, raise an error if the URL doesn't start with "http://"; or "https://";. But add an option to opt-in for "unsafe" URLs with a warning in the doc to explain the risk on Windows? Another option is to add an optional callback to validate the URL. As the 'verify' parameter of logging.config.listen(): https://docs.python.org/dev/library/logging.config.html#logging.config.listen "pydoc -b" runs a local HTTP server but it uses regular "http://"; URLs, it doesn't use file://. Maybe only Windows should be modified, Unix is safe, no? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue36021> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
