[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.

2021-04-19 Thread Mike Lissner
Change by Mike Lissner:

-- nosy: +Mike.Lissner

[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.

2021-04-18 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment:

See also a related issue to sanitise newline on other helper functions: https://bugs.python.org/issue30713

See also discussion and compatibility on disallowing control characters: https://bugs.python.org/issue30458

-- nosy: +gregory.p.smit

[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.

2021-04-18 Thread Senthil Kumaran
New submission from Senthil Kumaran:

A security issue was reported by Mike Lissner wherein an attacker was able to use `\r\n` in the url path; the urlparse method didn't sanitize and allowed those characters to be present in the request.

> In [9]: from urllib.parse import urlsplit
> In [10]: ur