Sihoon Lee <push0...@gmail.com> added the comment:
If developers allow only http:// or https:// as whitelist, it has no problem. But, If someone blocks only one file://, attacker can bypass it. This issue may provides attacker with bypassing method as new scheme. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35907> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
