Logan Jones <loganasherjo...@gmail.com> added the comment:
I don't know if urlparse is actually "mishandling" these URLs. Looking over RFC 1808 (https://datatracker.ietf.org/doc/html/rfc1808.html) the BNF (https://datatracker.ietf.org/doc/html/rfc1808.html#section-2.2) seems to support what urlparse is reporting, at least for the first two examples. I'll try to break down each scenario. Maybe you can help me understand what you expect it to report? https : // /www.attacker.com ^ ^ ^ scheme Net loc Not a valid Delimeter netloc character, but is a valid abs_path beginning (according to the spec net_loc is allowed to be empty) https : /www.attacker.com/a/b ^ ^ scheme valid abs_path https : \ www.attacker.com/a/b ^ ^ scheme This isn't actually matched anywhere in the BNF, so if anything maybe a value error should have been raised? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue44744> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
