Re: [FD] lxml (python lib) vulnerability

2014-04-30 Thread Źmicier Januszkiewicz
FYI -- this seems to be patched with 3.3.5. [0]

Cheers,
Z.

References:
[0] http://lxml.de/3.3/changes-3.3.5.html

2014-04-15 20:30 GMT+02:00 Максим Кочкин:
> Hi, all
>
> I've accidentally found vulnerability in clean_html function of lxml python
> library. User can break schema of url with nonp

Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction

2014-04-02 Thread Źmicier Januszkiewicz
> the facebook user should not have unrealistic expectation to privacy.

I think this part says it all. I'd even drop the "unrealistic" out of it. Keeping someone "private" on FB is like spraying it over a wall and hoping nobody will notice, while a certain person is already running an exhibition b